Question # 1 When would a data subject NOT be able to exercise the right to portability?
A. When the processing is necessary to perform a task in the exercise of authority vested in the controller.
B. Whn the processing is carried out pursuant to a contract with the data subject.
C. When the data was supplied to the controller by the data subject.
D. When the processing is based on consent.
Click for Answer
A. When the processing is necessary to perform a task in the exercise of authority vested in the controller.
Answer Description Reference: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-thegeneral- data-protection- regulation-gdpr/individual-rights/right-to-data-portability/
Question # 2 The GDPR forbids the practice of “forum shopping”, which occurs when companies do what?
A. Choose the data protection officer that is most sympathetic to their business concerns.
B. Designate their main establishment in member state with the most flexible practices.
C. File appeals of infringement judgments with more than one EU institution simultaneously.
D. Select third-party processors on the basis of cost rather than quality of privacy protection.
Click for Answer
B. Designate their main establishment in member state with the most flexible practices.
Question # 3 Why is advisable to avoid consent as a legal basis for an employer to process employee data?
A. Employee data can only be processed if there is an approval from the data protection officer.
B. Consent may not be valid if the employee feels compelled to provide it.
C. An employer might have difficulty obtaining consent from every employee.
D. Data protection laws do not apply to processing of employee data
Click for Answer
A. Employee data can only be processed if there is an approval from the data protection officer.
Question # 4 Please use the following to answer the next question: Due to rapidly expanding workforce, Company A has decided to outsource its payroll function to Company B. Company B is an established payroll service provider with a sizable client base and a solid reputation in the industry. Company B’s payroll solution for Company A relies on the collection of time and attendance data obtained via a biometric entry system installed in each of Company A’s factories. Company B won’t hold any biometric data itself, but the related data will be uploaded to Company B’s UK servers and used to provide the payroll service. Company B’s live systems will contain the following information for each of Company A’s employees: Name Address Date of Birth Payroll number National Insurance number Sick pay entitlement Maternity/paternity pay entitlement Holiday entitlement Pension and benefits contributions Trade union contributions Jenny is the compliance officer at Company A. She first considers whether Company A needs to carry out a data protection impact assessment in relation to the new time and attendance system, but isn’t sure whether or not this is required. Jenny does know, however, that under the GDPR there must be a formal written agreement requiring Company B to use the time and attendance data only for the purpose of providing the payroll service, and to apply appropriate technical and organizational security measures for safeguarding the data. Jenny suggests that Company B obtain advice from its data protection officer. The company doesn’t have a DPO but agrees, in the interest of finalizing the contract, to sign up for the provisions in full. Company A enters into the contract. Weeks later, while still under contract with Company A, Company B embarks upon a separate project meant to enhance the functionality of its payroll service, and engages Company C to help. Company C agrees to extract all personal data from Company B’s live systems in order to create a new database for Company B. This database will be stored in a test environment hosted on Company C’s U.S. server. The two companies agree not to include any data processing provisions in their services agreement, as data is only being used for IT testing purposes. Unfortunately, Company C’s U.S. server is only protected by an outdated IT security system, and suffers a cyber security incident soon after Company C begins work on the project. As a result, data relating to Company A’s employees is visible to anyone visiting Company C’s website. Company A is unaware of this until Jenny receives a letter from the supervisory authority in connection with the investigation that ensues. As soon as Jenny is made aware of the breach, she notifies all affected employees. The GDPR requires sufficient guarantees of a company’s ability to implement adequate technical and organizational measures. What would be the most realistic way that Company B could have fulfilled this requirement?
A. Hiring companies whose measures are consistent with recommendations of accrediting bodies.
B. Requesting advice and technical support from Company A’s IT team.
C. Avoiding the use of another company’s data to improve their own services.
D. Vetting companies’ measures with the appropriate supervisory authority.
Click for Answer
A. Hiring companies whose measures are consistent with recommendations of accrediting bodies.
Answer Description Reference: https://www.knowyourcompliance.com/gdpr-technical-organisational-measures/
Question # 5 Please use the following to answer the next question: Joe started the Gummy Bear Company in 2000 from his home in Vermont, USA. Today, it is a multi-billion-dollar candy company operating in every continent. All of the company’s IT servers are located in Vermont. This year Joe hires his son Ben to join the company and head up Project Big, which is a major marketing strategy to triple gross revenue in just 5 years. Ben graduated with a PhD in computer software from a top university. Ben decided to join his father’s company, but is also secretly working on launching a new global online dating website company called Ben Knows Best. Ben is aware that the Gummy Bear Company has millions of customers and believes that many of them might also be interested in finding their perfect match. For Project Big, Ben redesigns the company’s online web portal and requires customers in the European Union and elsewhere to provide additional personal information in order to remain a customer. Project Ben begins collecting data about customers’ philosophical beliefs, political opinions and marital status. If a customer identifies as single, Ben then copies all of that customer’s personal data onto a separate database for Ben Knows Best. Ben believes that he is not doing anything wrong, because he explicitly asks each customer to give their consent by requiring them to check a box before accepting their information. As Project Big is an important project, the company also hires a first year college student named Sam, who is studying computer science to help Ben out. Ben calls out and Sam comes across the Ben Knows Best database. Sam is planning on going to Ireland over Spring Beak with 10 of his friends, so he copies all of the customer information of people that reside in Ireland so that he and his friends can contact people when they are in Ireland. Joe also hires his best friend’s daughter, Alice, who just graduated from law school in the U.S., to be the company’s new General Counsel. Alice has heard about the GDPR, so she does some research on it. Alice approaches Joe and informs him that she has drafted up Binding Corporate Rules for everyone in the company to follow, as it is important for the company to have in place a legal mechanism to transfer data internally from the company’s operations in the European Union to the U.S. Joe believes that Alice is doing a great job, and informs her that she will also be in-charge of handling a major lawsuit that has been brought against the company in federal court in the U.S. To prepare for the lawsuit, Alice instructs the company’s IT department to make copies of the computer hard drives from the entire global sales team, including the European Union, and send everything to her so that she can review everyone’s information. Alice believes that Joe will be happy that she did the first level review, as it will save the company a lot of money that would otherwise be paid to its outside law firm. In preparing the company for its impending lawsuit, Alice’s instruction to the company’s IT Department violated Article 5 of the GDPR because the company failed to first do what?
A. Send out consent forms to all of its employees.
B. Minimize the amount of data collected for the lawsuit.
C. Inform all of its employees about the lawsuit.
D. Encrypt the data from all of its employees.
Click for Answer
B. Minimize the amount of data collected for the lawsuit.
Question # 6 Please use the following to answer the next question: Javier is a member of the fitness club EVERFIT. This company has branches in many EU member states, but for the purposes of the GDPR maintains its primary establishment in France. Javier lives in Newry, Northern Ireland (part of the U.K.), and commutes across the border to work in Dundalk, Ireland. Two years ago while on a business trip, Javier was photographed while working out at a branch of EVERFIT in Frankfurt, Germany. At the time, Javier gave his consent to being included in the photograph, since he was told that it would be used for promotional purposes only. Since then, the photograph has been used in the club’s U.K. brochures, and it features in the landing page of its U.K. website. However, the fitness club has recently fallen into disrepute due to widespread mistreatment of members at various branches of the club in several EU member states. As a result, Javier no longer feels comfortable with his photograph being publicly associated with the fitness club. After numerous failed attempts to book an appointment with the manager of the local branch to discuss this matter, Javier sends a letter to EVETFIT requesting that his image be removed from the website and all promotional materials. Months pass and Javier, having received no acknowledgment of his request, becomes very anxious about this matter. After repeatedly failing to contact EVETFIT through alternate channels, he decides to take action against the company. Javier contacts the U.K. Information Commissioner’s Office (‘ICO’ – the U.K.’s supervisory authority) to lodge a complaint about this matter. The ICO, pursuant to Article 56 (3) of the GDPR, informs the CNIL (i.e. the supervisory authority of EVERFIT’s main establishment) about this matter. Despite the fact that EVERFIT has an establishment in the U.K., the CNIL decides to handle the case in accordance with Article 60 of the GDPR. The CNIL liaises with the ICO, as relevant under the cooperation procedure. In light of issues amongst the supervisory authorities to reach a decision, the European Data Protection Board becomes involved and, pursuant to the consistency mechanism, issues a binding decision. Additionally, Javier sues EVERFIT for the damages caused as a result of its failure to honor his request to have his photograph removed from the brochure and website. Under the cooperation mechanism, what should the lead authority (the CNIL) do after it has formed its view on the matter?
A. Submit a draft decision to other supervisory authorities for their opinion.
B. Request that the other supervisory authorities provide the lead authority with a draft decision for its consideration.
C. Submit a draft decision directly to the Commission to ensure the effectiveness of the consistency mechanism.
D. Request that members of the seconding supervisory authority and the host supervisory authority co-draft a decision
Click for Answer
B. Request that the other supervisory authorities provide the lead authority with a draft decision for its consideration.
Question # 7 Please use the following to answer the next question: TripBliss Inc. is a travel service company which has lost substantial revenue over the last few years. Their new manager, Oliver, suspects that this is partly due to the company’s outdated website. After doing some research, he meets with a sales representative from the up-and-coming IT company Techiva, hoping that they can design a new, cutting-edge website for TripBliss Inc.’s foundering business. During negotiations, a Techiva representative describes a plan for gathering more customer information through detailed Questionaires, which could be used to tailor their preferences to specific travel destinations. TripBliss Inc. can choose any number of data categories – age, income, ethnicity – that would help them best accomplish their goals. Oliver loves this idea, but would also like to have some way of gauging how successful this approach is, especially since the Questionaires will require customers to provide explicit consent to having their data collected. The Techiva representative suggests that they also run a program to analyze the new website’s traffic, in order to get a better understanding of how customers are using it. He explains his plan to place a number of cookies on customer devices. The cookies will allow the company to collect IP addresses and other information, such as the sites from which the customers came, how much time they spend on the TripBliss Inc. website, and which pages on the site they visit. All of this information will be compiled in log files, which Techiva will analyze by means of a special program. TripBliss Inc. would receive aggregate statistics to help them evaluate the website’s effectiveness. Oliver enthusiastically engages Techiva for these services. Techiva assigns the analytics portion of the project to longtime account manager Leon Santos. As is standard practice, Leon is given administrator rights to TripBliss Inc.’s website, and can authorize access to the log files gathered from it. Unfortunately forTripBliss Inc., however, Leon is taking on this new project at a time when his dissatisfaction with Techiva is at a high point. In order to take revenge for what he feels has been unfair treatment at the hands of the company, Leon asks his friend Fred, a hobby hacker, for help. Together they come up with the following plan: Fred will hack into Techiva’s system and copy their log files onto a USB stick. Despite his initial intention to send the USB to the press and to the data protection authority in order to denounce Techiva, Leon experiences a crisis of conscience and ends up reconsidering his plan. He decides instead to securely wipe all the data from the USB stick and inform his manager that the company’s system of access control must be reconsidered. With regard to TripBliss Inc.’s use of website cookies, which of the following statements is correct?
A. Because not all of the cookies are strictly necessary to enable the use of a service requested from TripBliss Inc., consent requirements apply to their use of cookies.
B. Because of the categories of data involved, explicit consent for the use of cookies must be obtained separately from customers.
C. Because Techiva will receive only aggregate statistics of data collected from the cookies, no additional consent is necessary.
D. Because the use of cookies involves the potential for location tracking, explicit consent must be obtained from customers.
Click for Answer
B. Because of the categories of data involved, explicit consent for the use of cookies must be obtained separately from customers.
Question # 8 Under Article 80(1) of the GDPR, individuals can elect to be represented by not-for-profit organizations in a privacy group litigation or class action. These organizations are commonly known as?
A. Law firm organizations.
B. Civil society organizations.
C. Human rights organizations.
D. Constitutional rights organizations.
Click for Answer
A. Law firm organizations.
Up-to-Date
We always provide up-to-date CIPP-E exam dumps to our clients. Keep checking website for updates and download.
Excellence
Quality and excellence of our Certified Information Privacy Professional/Europe (CIPP/E) practice questions are above customers expectations. Contact live chat to know more.
Success
Your SUCCESS is assured with the CIPP-E exam questions of passin1day.com. Just Buy, Prepare and PASS!
Quality
All our braindumps are verified with their correct answers. Download Certified Information Privacy Professional Practice tests in a printable PDF format.
Basic
$80
Any 3 Exams of Your Choice
3 Exams PDF + Online Test Engine
Buy Now
Premium
$100
Any 4 Exams of Your Choice
4 Exams PDF + Online Test Engine
Buy Now
Gold
$125
Any 5 Exams of Your Choice
5 Exams PDF + Online Test Engine
Buy Now
Passin1Day has a big success story in last 12 years with a long list of satisfied customers.
We are UK based company, selling CIPP-E practice test questions answers. We have a team of 34 people in Research, Writing, QA, Sales, Support and Marketing departments and helping people get success in their life.
We dont have a single unsatisfied IAPP customer in this time. Our customers are our asset and precious to us more than their money.
CIPP-E Dumps
We have recently updated IAPP CIPP-E dumps study guide. You can use our Certified Information Privacy Professional braindumps and pass your exam in just 24 hours. Our Certified Information Privacy Professional/Europe (CIPP/E) real exam contains latest questions. We are providing IAPP CIPP-E dumps with updates for 3 months. You can purchase in advance and start studying. Whenever IAPP update Certified Information Privacy Professional/Europe (CIPP/E) exam, we also update our file with new questions. Passin1day is here to provide real CIPP-E exam questions to people who find it difficult to pass exam
Certified Information Privacy Professional can advance your marketability and prove to be a key to differentiating you from those who have no certification and Passin1day is there to help you pass exam with CIPP-E dumps. IAPP Certifications demonstrate your competence and make your discerning employers recognize that Certified Information Privacy Professional/Europe (CIPP/E) certified employees are more valuable to their organizations and customers. We have helped thousands of customers so far in achieving their goals. Our excellent comprehensive IAPP exam dumps will enable you to pass your certification Certified Information Privacy Professional exam in just a single try. Passin1day is offering CIPP-E braindumps which are accurate and of high-quality verified by the IT professionals. Candidates can instantly download Certified Information Privacy Professional dumps and access them at any device after purchase. Online Certified Information Privacy Professional/Europe (CIPP/E) practice tests are planned and designed to prepare you completely for the real IAPP exam condition. Free CIPP-E dumps demos can be available on customer’s demand to check before placing an order.
What Our Customers Say
Jeff Brown
Thanks you so much passin1day.com team for all the help that you have provided me in my IAPP exam. I will use your dumps for next certification as well.
Mareena Frederick
You guys are awesome. Even 1 day is too much. I prepared my exam in just 3 hours with your CIPP-E exam dumps and passed it in first attempt :)
Ralph Donald
I am the fully satisfied customer of passin1day.com. I have passed my exam using your Certified Information Privacy Professional/Europe (CIPP/E) braindumps in first attempt. You guys are the secret behind my success ;)
Lilly Solomon
I was so depressed when I get failed in my Cisco exam but thanks GOD you guys exist and helped me in passing my exams. I am nothing without you.