CIPP/E Exam Practice Questions With Correct Answers | Latest Update Graded A+ ( 2023/2024)

CIPP/E Exam Practice Questions With Correct Answers | Latest Update Graded A+ ( 2023/2024). What are the two rights provided under article 8 of the ECHR? - Correct Answer-1. right to respect for private and family life and his correspondence. 2. No interference by public authority of this right except in accordance to law and is necessary in a democratic society in the interest of national security public safety... What does article 10 of the ECHR deal with? - Correct Answer-Right to freedom of expression and to share information and ideas across borders but qualified so as to protect the privacy of individuals What are the obligations imposed on EU member states as seen under the Data Protection Directive 95/45/EC or the Data Protection Director or 'the Directive'? - Correct Answer-The Directive sets out general principles and leaves the member states to implement these principles as they see fit. p 38 What are the exceptions to the consent required for cookies under the e-Privacy directive 2002/58/EC? - Correct Answer-where 1) storage or access is for the sole purpose of carrying out transmission of communication over an electronic network and 2) strictly necessary for information service explicitly requested by user p 43 What is the most pertinent amendment to the e-Privacy Directive? - Correct Answer-Cookies require prior information and consent. p 43 When could a data controller collect data from 3rd parties without notification to the data subjects under Data Protection Directive 95/49/EC? - Correct Answer-A pre-approved marketing effort. p 43. Who makes sure directive are implemented properly by the member states? - Correct AnswerThe European Commission. p 27-28 What institution adopts adequacy findings(by which non members are regarded as providing adequate levels of data protections) for the European Union? - Correct Answer-The European Commission. p 29 Which directive or convention contains specific provisions for data breaches? - Correct Answer-The Privacy and Electronic Communications Directive. p 42 What is the exemption in the e-Privacy Directive 2002/58/EC allowing data controllers to send electronic marketing information? - Correct Answer-The recipients are existing customers. p 43. Under the Data Protection Directive (95/46/EC) what type of data subject is not covered? - Correct Answer-Legal persons would seem not to be but is not prohibited either(and some local laws afford some protection) and also deceased individuals do not constitute 'natural persons' although in some member states (Italy) data protection rules apply to deceased individuals under certain circumstances. p 63. Name some of the conditions to be satisfied in order to process personal data in line with European Data Protection concepts/principles. - Correct Answer-Obtained and processed fairly and lawfully, for legitimate purposes, adequate/relevant/not excessive for purposes, accurate/up to date, preserved for no longer than required. p 81 Name an incompatible purpose for processing data beyond originally specified purpose. - Correct Answer-Performance of a contract. If this were not true, then a mere contract would allow processing data for any purpose. One exception is research p 87- specifically allowed p 85-86. In the Data Protection Directive 95/46/EC what is "any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to persona data relating to him being processed"? - Correct Answer-Unambiguous consent. p 94 Under Data Protection Directive 95/46/EC what info must be included in the notification of data processing? - Correct Answer-Name of the data controller processing data and the purpose of the processing. p 109 If personal data is not obtained directly from the data subject when should fair processing information be provided? - Correct Answer-At the time personal data is recorded or if disclosure to 3rd party contemplated then no later than at the time data is first disclosed. p 111 When should a company respond to a former employee's request for his personal information (email, etc.)? - Correct Answer-ASAP-taking into account local data protection rules. p 126 Within what period of time must a company respond to a former employees data requrest? - Correct Answer-As soon as possible and within the national legal requirement. p 126 What should a company do in response to a former employee's request for his email correspondence during his employment? - Correct Answer-Since the company must not infringe the right to privacy of third parties also identified in the data, affected employees may need to be informed and consent obtained before release of information to the former employee. p 132 Why does Data Protection Directive 95/46/EC require a data controller to notify a DPA about processing of personal data? - Correct Answer-Threefold: 1) foster transparency, 2) help DPA carry out regulatory functions, 3) provide source of funds for some DPAs budgets. p 163 Do BCRs (Binding Corporate Rules) provide a basis to transfer names of employees to a telecom provider in the same country in order to provide them with mobile telephone services? - Correct Answer-No, BCRs deal only with intra-organisational transfers not involving third parties. p 184 For contracts based on EU standard contractual clauses with a processor outside the EEA who must the importer/processor inform and what must he obtain before proceeding? - Correct Answer-The importer must inform the data controller and obtain its written consent. p 187