CIPP/E Practice Questions
A organization in France suffers a robbery over the weekend as a result of faulty alarm device.
When it's far decided that the damage-in entails the lack of a substanital amount of statistics,
the employer comes to a decision on a CCTV device to monitor for future incidents. Company
technicians install cameras in the entrance of the building, hallways and workplaces. Footage is
recorded continuously, and is monitored through the home workplace within the US.
What is the most realistic step the employer could take to cope with their security concerns and
corporation with the non-public data processing concepts set out in Article five of the GDPR -
ANS-Restrict digital camera placement to bilding entrances only
A business enterprise is hesitating between Binding Corporate Rules and Standard Contractual
Clauses as a global records switch answer. Which of the following statements might help the
company make an powerful decision? - ANS-Bindin Corporate Rules offer a worldwide answer
for all the entities of a employer which are sure by way of the intra-group agreement
A company is positioned in a counrty NOT taken into consideration by the EU to have an ok
degree of facts protection. Which of the subsequent is an responsibility of the corporation if it
imports private records from some other corporation inside the EEA beneath widespread
contractual clauses? - ANS-Ensure that note is given to and consent is received from records
subjects
A key issue of the OECD Guidelines is the "Individual Participation Principle". What parts of the
GDPR offer the nearest equivalent to that principle? - ANS-The rights granted to facts subects
underneath Articles 12-22
A mobile device software that uses cookies will be subject to the consent requirement of which
of the subsequent? - ANS-ePrivacy
A Spanish power consumer calls her neighborhood dealer with questions on the business
enterprise's upcoming merger. Specifically, the purchaser wants to understand the recipients to
whom her non-public statistics might be disclosed once the merger is final. According to Article
thirteen of the GDPR, what must the employer do earlier than supplying the purchaser with the
reuested statistics? - ANS-Verify that the request is aplicable to the statistics amassed before
the GDPR entered into force
A US primarily based on-line store makes use of state-of-the-art software to tune the surfing
behaviour of its EU clients and expect future purchases. It additionally shares this facts with
0.33 events. Under the GDPR, what's the web save's PRIMARY duty even as accomplishing
this sort of profiling? - ANS-It must solicit knowledgeable consent via a notice on its internet site
, A well-known video manufacturing organization primarily based in Spain, but movies
doumentaries international, has simply completed recording several hours of footage, proposing
humans in Madrid. Under what situation would the agency NOT be required to reap the consent
of every person whose photograph they use for his or her documentary? - ANS-If the agency's
fame as a documentary provider lets in it to assert legitimate hobby.
A employee inside the European Union member nation has ceased his emplyment with a
enterprise. What have to the emplyer maximum in all likelihood do in regard to the worker's
non-public statistics? - ANS-Destroy touchy infomation and store the relaxation in keeping with
relevant statistics proctection policies
According to Article 14 of the GDPR, how lengthy does a controller have to provide a statistics
challenge with essential privacy records, if that difficulty's personal statistics has been received
from different assets? - ANS-Within a reasonable duration after acquiring the private facts, but
no later that one month
According to the E-Commerce Directive, where is the region of the Establishment for a business
enterprise providing offerings thru a web internet site confirmed through the GDPR? -
ANS-Where the selections approximately processing are made
According to the GDPR, hos is pseudonymous private records described? - ANS-Data which
could now not be attributed to a specific records problem with out using additional information
kept one by one
After leaving the EU beneath the terms of Brexit, the United Kingdom will are searching for an
adequacy willpower. What is the motive for this? - ANS-UK is a third country now
All people are examined for Covid 19 and the records is manually processed. They do now not
have the Personal Data. GDPR does not observe why? - ANS-Since the statistics isn't always
subjected to computerized processing
An employee of agency X has simply noticed a memory stick containing records of purchaser
information, along with their names, addresses and full touch information has disappeared. The
records at the stick is unencrypted and in clean text. It is uncertain what has happened to the
stick as this degree, however it in all likelihood became lost all through the travel of an worker.
What need to the employer do? - ANS-Notify as quickly as possible the statistics safety
supervisory authority that a facts breach may additionally have taken location
An on line enterprise's privateness practices range due to the fact that it gives a wide sort of
offerings. How could it quality deal with the priority that explaining all of them would make the
regulations incomprehensible? - ANS-Use a layered privateness observe on its website and in
its electronic mail communications
A organization in France suffers a robbery over the weekend as a result of faulty alarm device.
When it's far decided that the damage-in entails the lack of a substanital amount of statistics,
the employer comes to a decision on a CCTV device to monitor for future incidents. Company
technicians install cameras in the entrance of the building, hallways and workplaces. Footage is
recorded continuously, and is monitored through the home workplace within the US.
What is the most realistic step the employer could take to cope with their security concerns and
corporation with the non-public data processing concepts set out in Article five of the GDPR -
ANS-Restrict digital camera placement to bilding entrances only
A business enterprise is hesitating between Binding Corporate Rules and Standard Contractual
Clauses as a global records switch answer. Which of the following statements might help the
company make an powerful decision? - ANS-Bindin Corporate Rules offer a worldwide answer
for all the entities of a employer which are sure by way of the intra-group agreement
A company is positioned in a counrty NOT taken into consideration by the EU to have an ok
degree of facts protection. Which of the subsequent is an responsibility of the corporation if it
imports private records from some other corporation inside the EEA beneath widespread
contractual clauses? - ANS-Ensure that note is given to and consent is received from records
subjects
A key issue of the OECD Guidelines is the "Individual Participation Principle". What parts of the
GDPR offer the nearest equivalent to that principle? - ANS-The rights granted to facts subects
underneath Articles 12-22
A mobile device software that uses cookies will be subject to the consent requirement of which
of the subsequent? - ANS-ePrivacy
A Spanish power consumer calls her neighborhood dealer with questions on the business
enterprise's upcoming merger. Specifically, the purchaser wants to understand the recipients to
whom her non-public statistics might be disclosed once the merger is final. According to Article
thirteen of the GDPR, what must the employer do earlier than supplying the purchaser with the
reuested statistics? - ANS-Verify that the request is aplicable to the statistics amassed before
the GDPR entered into force
A US primarily based on-line store makes use of state-of-the-art software to tune the surfing
behaviour of its EU clients and expect future purchases. It additionally shares this facts with
0.33 events. Under the GDPR, what's the web save's PRIMARY duty even as accomplishing
this sort of profiling? - ANS-It must solicit knowledgeable consent via a notice on its internet site
, A well-known video manufacturing organization primarily based in Spain, but movies
doumentaries international, has simply completed recording several hours of footage, proposing
humans in Madrid. Under what situation would the agency NOT be required to reap the consent
of every person whose photograph they use for his or her documentary? - ANS-If the agency's
fame as a documentary provider lets in it to assert legitimate hobby.
A employee inside the European Union member nation has ceased his emplyment with a
enterprise. What have to the emplyer maximum in all likelihood do in regard to the worker's
non-public statistics? - ANS-Destroy touchy infomation and store the relaxation in keeping with
relevant statistics proctection policies
According to Article 14 of the GDPR, how lengthy does a controller have to provide a statistics
challenge with essential privacy records, if that difficulty's personal statistics has been received
from different assets? - ANS-Within a reasonable duration after acquiring the private facts, but
no later that one month
According to the E-Commerce Directive, where is the region of the Establishment for a business
enterprise providing offerings thru a web internet site confirmed through the GDPR? -
ANS-Where the selections approximately processing are made
According to the GDPR, hos is pseudonymous private records described? - ANS-Data which
could now not be attributed to a specific records problem with out using additional information
kept one by one
After leaving the EU beneath the terms of Brexit, the United Kingdom will are searching for an
adequacy willpower. What is the motive for this? - ANS-UK is a third country now
All people are examined for Covid 19 and the records is manually processed. They do now not
have the Personal Data. GDPR does not observe why? - ANS-Since the statistics isn't always
subjected to computerized processing
An employee of agency X has simply noticed a memory stick containing records of purchaser
information, along with their names, addresses and full touch information has disappeared. The
records at the stick is unencrypted and in clean text. It is uncertain what has happened to the
stick as this degree, however it in all likelihood became lost all through the travel of an worker.
What need to the employer do? - ANS-Notify as quickly as possible the statistics safety
supervisory authority that a facts breach may additionally have taken location
An on line enterprise's privateness practices range due to the fact that it gives a wide sort of
offerings. How could it quality deal with the priority that explaining all of them would make the
regulations incomprehensible? - ANS-Use a layered privateness observe on its website and in
its electronic mail communications
