
Prepare for the Actual Certified Information Privacy Professional CIPP-E Exam Practice Materials Collection
Certified Information Privacy Professional Certified Official Practice Test CIPP-E - Apr-2023
The IAPP CIPP/E certification is an essential credential for privacy professionals working in Europe. The certification provides a comprehensive understanding of European data protection laws, including the GDPR and ePrivacy Directive. The certification exam is challenging, and passing it demonstrates a high level of expertise and knowledge in data protection. The CIPP/E certification is globally recognized and respected, and it is an excellent investment for anyone looking to advance their career in privacy and data protection.
NEW QUESTION # 32
Which of the following Convention 108+ principles, as amended in 2018, is NOT consistent with a principle found in the GDPR?
- A. The necessity of the bulk collection of personal data by the government.
- B. The obligation of companies to declare data breaches.
- C. The requirement to demonstrate compliance to a supervisory authority.
Answer: C
NEW QUESTION # 33
According to the GDPR, Article 4(14), biometric data is defined as:
"Personal data resulting from specific technical processing relating to the ______ characteristics of a natural person"
Which term could NOT be placed in the above definition?
- A. Physical.
- B. Behavioral
- C. Intellectual.
- D. Psychological.
Answer: A
NEW QUESTION # 34
When may browser settings be relied upon for the lawful application of cookies?
- A. When users are provided with information about which cookies have been set.
- B. When users are aware of the ability to adjust their settings.
- C. When it is impossible to bypass the choices made by users in their browser settings.
- D. When a user rejects cookies that are strictly necessary.
Answer: B
NEW QUESTION # 35
In which case would a controller who has undertaken a DPIA most likely need to consult with a supervisory authority?
- A. Where the DPIA identifies that personal data needs to be transferred to other countries outside of the EEA.
- B. Where the DPIA identifies that the processing being proposed collects the sensitive data of EU citizens.
- C. Where the DPIA identifies high risks to individuals' rights and freedoms that the controller can take steps to reduce.
- D. Where the DPIA identifies risks that will require insurance for protecting its business interests.
Answer: C
NEW QUESTION # 36
In which of the following cases, cited as an example by a WP29 guidance, would conducting a single data protection impact assessment to address multiple processing operations be allowed?
- A. A medical organization that wants to begin genetic testing to support earlier research for which they have performed a DPIA.
- B. A data controller who plans to use a new technology product that has already undergone a DPIA by the product's provider.
- C. A railway operator who plans to evaluate the same video surveillance in all the train stations of his company.
- D. A marketing team that wants to collect mailing addresses of customers for whom they already have email addresses.
Answer: C
NEW QUESTION # 37
Which sentence BEST summarizes the concepts of "fairness," "lawfulness" and "transparency", as expressly required by Article 5 of the GDPR?
- A. Fairness refers to the security of personal data; lawfulness and transparency refers to the analysis of ordinances to ensure they are uniformly enforced.
- B. Fairness and transparency refer to the communication of key information before collecting data; lawfulness refers to compliance with government regulations.
- C. Fairness refers to the collection of data from diverse subjects; lawfulness refers to the need for legal rules to be uniform; transparency refers to giving individuals access to their data.
- D. Fairness refers to limiting the amount of data collected from individuals; lawfulness refers to the approval of company guidelines by the state; transparency solely relates to communication of key information before collecting data.
Answer: B
NEW QUESTION # 38
SCENARIO
Please use the following to answer the next question:
Javier is a member of the fitness club EVERFIT. This company has branches in many EU member states, but for the purposes of the GDPR maintains its primary establishment in France. Javier lives in Newry, Northern Ireland (part of the U.K.), and commutes across the border to work in Dundalk, Ireland. Two years ago while on a business trip, Javier was photographed while working out at a branch of EVERFIT in Frankfurt, Germany. At the time, Javier gave his consent to being included in the photograph, since he was told that it would be used for promotional purposes only. Since then, the photograph has been used in the club's U.K. brochures, and it features in the landing page of its U.K. website. However, the fitness club has recently fallen into disrepute due to widespread mistreatment of members at various branches of the club in several EU member states. As a result, Javier no longer feels comfortable with his photograph being publicly associated with the fitness club.
After numerous failed attempts to book an appointment with the manager of the local branch to discuss this matter, Javier sends a letter to EVERFIT requesting that his image be removed from the website and all promotional materials. Months pass and Javier, having received no acknowledgment of his request, becomes very anxious about this matter. After repeatedly failing to contact EVERFIT through alternate channels, he decides to take action against the company.
Javier contacts the U.K. Information Commissioner's Office ('ICO' - the U.K.'s supervisory authority) to lodge a complaint about this matter. The ICO, pursuant to Article 56 (3) of the GDPR, informs the CNIL (i.e. the supervisory authority of EVERFIT's main establishment) about this matter. Despite the fact that EVERFIT has an establishment in the U.K., the CNIL decides to handle the case in accordance with Article 60 of the GDPR. The CNIL liaises with the ICO, as relevant under the cooperation procedure. In light of issues amongst the supervisory authorities to reach a decision, the European Data Protection Board becomes involved and, pursuant to the consistency mechanism, issues a binding decision.
Additionally, Javier sues EVERFIT for the damages caused as a result of its failure to honor his request to have his photograph removed from the brochure and website.
Under the cooperation mechanism, what should the lead authority (the CNIL) do after it has formed its view on the matter?
- A. Submit a draft decision to other supervisory authorities for their opinion.
- B. Submit a draft decision directly to the Commission to ensure the effectiveness of the consistency mechanism.
- C. Request that the other supervisory authorities provide the lead authority with a draft decision for its consideration.
- D. Request that members of the seconding supervisory authority and the host supervisory authority co-draft a decision.
Answer: A
NEW QUESTION # 39
If a multi-national company wanted to conduct background checks on all current and potential employees, including those based in Europe, what key provision would the company have to follow?
- A. Background checks on European employees will stem from data protection and employment law, which can vary between member states.
- B. Background checks are only authorized with prior notice and express consent from all employees including those based in Europe.
- C. Background checks on employees could be performed only under prior notice to all employees.
- D. Background checks may not be allowed on European employees, but the company can create lists based on its legitimate interests, identifying individuals who are ineligible for employment.
Answer: A
Explanation/Reference: https://www.shrm.org/resourcesandtools/tools-and-samples/toolkits/pages/conductingbackgroundinvestigations.aspx
NEW QUESTION # 40
Which institution has the power to adopt findings that confirm the adequacy of the data protection level in a non-EU country?
- A. The European Council
- B. The Article 29 Working Party
- C. The European Parliament
- D. The European Commission
Answer: D
NEW QUESTION # 41
Which aspect of the GDPR will likely have the most impact on the consistent implementation of data protection laws throughout the European Union?
- A. That it makes notification of large-scale data breaches mandatory
- B. That it essentially functions as a one-stop shop mechanism
- C. That it makes appointment of a data protection officer mandatory
- D. That it takes the form of a Regulation as opposed to a Directive
Answer: C
Explanation:
Reference https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en
NEW QUESTION # 42
A news website based in the United States reports primarily on North American events. The website is accessible to any user regardless of location, as the website operator does not block connections from outside of the U.S. The website offers a paid subscription that requires the creation of a user account; this subscription can only be paid in U.S. dollars.
Which of the following explains why the website operator, who is responsible for all processing related to account creation and subscriptions, is NOT required to comply with the GDPR?
- A. Payments cannot be made in a European Union currency.
- B. The website is not available in several official languages of European Union Member States.
- C. The controller does not have an establishment in the European Union.
- D. The website cannot block connections from outside the U.S. that use a Virtual Private Network (VPN) to simulate a US location.
Answer: C
NEW QUESTION # 43
An unforeseen power outage results in company Z's lack of access to customer data for six hours. According to article 32 of the GDPR, this is considered a breach. Based on the WP 29's February, 2018 guidance, company Z should do which of the following?
- A. Notify the supervisory authority about the loss of availability
- B. Conduct a thorough audit of all security systems
- C. Document the loss of availability to demonstrate accountability
- D. Notify affected individuals that their data was unavailable for a period of time.
Answer: A
Explanation/Reference: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwihmsidxtTqAhXvQUEAHXRaAdYQFjABegQIARAB&url=https%3A%2F%2Fec.europa.eu%2Fnewsroom%2Farticle29%2Fdocument.cfm%3Fdoc_id%3D49827&usg=AOvVaw2uhYsKyRzJ6lwhQyiMURJF (5)
NEW QUESTION # 44
If a multi-national company wanted to conduct background checks on all current and potential employees, including those based in Europe, what key provision would the company have to follow?
- A. Background checks on European employees will stem from data protection and employment law, which can vary between member states.
- B. Background checks are only authorized with prior notice and express consent from all employees including those based in Europe.
- C. Background checks on employees could be performed only under prior notice to all employees.
- D. Background checks may not be allowed on European employees, but the company can create lists based on its legitimate interests, identifying individuals who are ineligible for employment.
Answer: A
NEW QUESTION # 45
The European Data Protection Board (EDPB) recommends measures to supplement transfer tools, in order to ensure compliance with the European Union (EU) level of personal data protection. According to these recommendations, what additional actions should be taken when a transfer to a third country is based upon an adequacy decision?
- A. Monitor changes in the law or practice of the third country that would lower the level of protection of personal data.
- B. Adopt a supplementary data transfer mechanism.
- C. Adopt technical, contractual or organizational supplementary measures.
- D. Monitor the ongoing validity of the data transfer mechanism.
Answer: A
NEW QUESTION # 46
What is the consequence if a processor makes an independent decision regarding the purposes and means of processing it carries out on behalf of a controller?
- A. The controller will be liable to pay an administrative fine
- B. The processor will be considered to be a controller in respect of the processing concerned
- C. The controller will be required to demonstrate that the unauthorized processing negatively affected one or more of the parties involved
- D. The processor will be liable to pay compensation to affected data subjects
Answer: D
NEW QUESTION # 47
......