CIPP/E Practice Questions and Answers
Save
Terms in this set (127)
Which statement is correct The right to privacy has to be balanced against other
when considering the rights under the ECHR
right to privacy under
article 8 of the European
Convention on Human
Rights?
What is the one major The restriction of cross-border data flow
goal that the OECD
Guidelinges, Convention
108, and the Directive all
had in common but
largely failed to achieve in
Europe?
Which EU institution is Commission
vested with the
competence to propose
new data protection
legislation on its own
initiative?
Which institution has the European Commission
power to adopt findings
that confirm the adequacy
of the data protection
level in a non-EU country?
,What type of data lies Anonymised
beyond the scope of the
GDPR?
What is the consequence The processor will be considered to be a controller
if a processor makes an
independent decision
regarding the purposes
and means of processing
it carries out on behalf of
a controller?
With the issue of consent, The age which children must be required to obtain
the GDPR allows member parental consent
states some choice
regarding what?
Which sentence BEST Fairness and transparency refer to the communication
summarizes the concepts of key information before collecting data; lawfulness
of Fairness, lawfullness, refers to compliance with government regulations
and transparency, as
expressly required by
Article 5 of the GDPR?
Assuming that the "without 1 month + additional 2 months
undue delay" provison is
followed, what is the time
limit for complying with a
data access request?
, Company X has entrusted Company X
the processing of their
payroll data provider to Y.
Provider Y stores this
encrypted data on its
server. The IT department
of Provider Y finds out that
someone managed to
hack into the system and
take a copy of the data
from its server. In this
scenario, whom does
Provider Y have the
obligation to notify?
The core activites of the controller or processor
Which of the following
consist of processing operations that require
would require
systematic monitoring of data subjects on a large
designationg a data
scale. (public authority or large scal sensitive data
protection officer?
would apply as well)
When is a data sharing When personal data is being shared between
agreement MOST likely to commercial orgs acting as joint data controllers
be needed?
Save
Terms in this set (127)
Which statement is correct The right to privacy has to be balanced against other
when considering the rights under the ECHR
right to privacy under
article 8 of the European
Convention on Human
Rights?
What is the one major The restriction of cross-border data flow
goal that the OECD
Guidelinges, Convention
108, and the Directive all
had in common but
largely failed to achieve in
Europe?
Which EU institution is Commission
vested with the
competence to propose
new data protection
legislation on its own
initiative?
Which institution has the European Commission
power to adopt findings
that confirm the adequacy
of the data protection
level in a non-EU country?
,What type of data lies Anonymised
beyond the scope of the
GDPR?
What is the consequence The processor will be considered to be a controller
if a processor makes an
independent decision
regarding the purposes
and means of processing
it carries out on behalf of
a controller?
With the issue of consent, The age which children must be required to obtain
the GDPR allows member parental consent
states some choice
regarding what?
Which sentence BEST Fairness and transparency refer to the communication
summarizes the concepts of key information before collecting data; lawfulness
of Fairness, lawfullness, refers to compliance with government regulations
and transparency, as
expressly required by
Article 5 of the GDPR?
Assuming that the "without 1 month + additional 2 months
undue delay" provison is
followed, what is the time
limit for complying with a
data access request?
, Company X has entrusted Company X
the processing of their
payroll data provider to Y.
Provider Y stores this
encrypted data on its
server. The IT department
of Provider Y finds out that
someone managed to
hack into the system and
take a copy of the data
from its server. In this
scenario, whom does
Provider Y have the
obligation to notify?
The core activites of the controller or processor
Which of the following
consist of processing operations that require
would require
systematic monitoring of data subjects on a large
designationg a data
scale. (public authority or large scal sensitive data
protection officer?
would apply as well)
When is a data sharing When personal data is being shared between
agreement MOST likely to commercial orgs acting as joint data controllers
be needed?
