CIPP/E EXAM REVIEW QUESTIONS AND ANSWERS

CIPP/E EXAM REVIEW QUESTIONS AND ANSWERS De-identification - Answer-An action that one takes to *remove identifying characteristics* from data. Derogation - Answer-In the context of European Union legislation interacting with member state law, a place in an EU-wide regulation where *individual member states are left to make their own law or have the option to deviate*. Can also simply refer to an exception to a certain basic rule or principle. Direct Marketing (EU specific) - Answer-In the context of data protection law, can be defined as *personal data processed to communicate a marketing or advertising message*. This definition includes messages from commercial organisations, as well as from charities and political organisations. While it *is offered* in the GDPR as *an example* of processing for the *legitimate interest* of an organization, it also says the data subject shall have the *right to object at any time* to processing of personal data concerning him or her for such marketing, which *includes profiling* to the extent that it is related to such marketing. Disclosure - Answer-The provision of *access* to personal data. Dispute Resolution - Answer-In the context of the consistency mechanism (see Consistency Mechanism), the European Data Protection Board, *EDPB, can issue binding decisions on: objections to lead authority decisions*, on *disputes about* which supervisory authority should be *the lead authority*, and where there has been a *failure to request the EDPB's opinion* under Article 64 *or the opinion is not followed*. Durant v. Financial Services Authority - Answer-A court case in which the Court of Appeal of the United Kingdom *narrowed the definition of personal data* under the Data Protection Act of 1998. It established a *two-stage test*; the information must be biographical in a significant sense and the individual must be the focus of the information. Electronic Communications Network - Answer-Transmission systems, and, where applicable, switching or routing equipment and other resources that permit the conveyance of signals by wire, radio, optical or other electromagnetic means, including satellite networks; fixed and mobile terrestrial networks; electricity cable systems, to the extent that they are used for the purpose of transmitting signals; networks used for radio and television broadcasting, and cable television networks, irrespective of the type of information conveyed. *In the* discussions surrounding the *update of the ePrivacy Directive* to the ePrivacy Regulation, *so-called "over the top" providers, like app-based messaging services, are beginning to be considered as part of the ECN*. Employee Personal Data - Answer-*Article 88 of the General Data Protection Regulation recognises that member states may provide for more specific rules around processing this*. These rules must include suitable and specific measures to safeguard the data subject's human dignity, legitimate interests and fundamental rights, with particular regard to the transparency of processing, the transfer of personal data within