CIPP - E questions with complete solutions 2023/2024

CIPP - EConvention 108 - correct answers treaty among member states of the Council of Europe; full name: Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data e-privacy directive - correct answers applies to public electronics communications services and networks; governs the processing of location data, content data and traffic data; applies to electronic mail and telephone marketing Which institution created the Universal Declaration of Human Rights? - correct answers the UN Council of European Union or the "Council" - correct answers EU institution composed of 46 member states; one of the main decision-making bodies of the EU; also shares legislative responsibility with European Parliament European Parliament - correct answers is responsible for legislative development, supervisory oversight of other institutions, and development of the budget European Council - correct answers sets the overall political agenda/priorities of the EU European Commission - correct answers is the executive body; has the power to propose legislation; is responsible for ensuring that directives are implemented properly by member states; has the power to adopt adequacy findings for the EU Court of Justice of the EU - correct answers makes decisions on issues of EU law 4 step test - correct answers determines if data qualifies as personal data; 1. any information 2. relating to 3. an identified or identifiable 4. natural person special categories of personal data - correct answers political opinions, religious or philosophical beliefs, genetic data used to identify a natural person, health data Controller - correct answers Decides how and why to process personal data ("determines the purposes and means of processing") Processor - correct answers service provider to a data controller; only do what the controller tells them to do with personal data Data processing - correct answers is any action performed on data Material scope of the GDPR - correct answers processing personal data without human intervention OR personal data that forms part of a filing system lawful processing criteria of the GDPR - correct answers 1. contract 2. consent (exceptions must be explicit) 3. vital interests 4. compliance with legal obligation 5. necessity for public interest or official authority of controller 6. legitimate interests of controller/3rd party Consent - correct answers Freely given Specific Informed Unambiguous indication of wishes *requires some sort of action, not necessarily explicit but can't be a pre-checked box GDPR processing principles - correct answers 1. lawfulness, fairness and transparency of processing 2. purpose limitation 3. data minimization 4. accuracy 5. storage limitation