A German data subject was the victim of an embarrassing prank 20 years ago. A newspaper
website published an article about the prank at the time, and the article is still available on the
newspaper's website. Unfortunately, the prank is the top search result when a user searches on the
victim's ...
CIPP/E Exam Questions and Answers
100% Accurate
A German data subject was the victim of an embarrassing prank 20 years ago. A
newspaper
website published an article about the prank at the time, and the article is still available
on the
newspaper's website. Unfortunately, the prank is the top search result when a user
searches on the
victim's name. The data subject requests that SearchCo delist this result. SearchCo
agrees, and
instructs its technology team to avoid scanning or indexing the article.
What else must SearchCo do?
(A). Notify the newspaper that its article it is delisting the article.
(B). Fully erase the URL to the content, as opposed to delist which is mainly based on
data subject's
name.
(C). Identify other controllers who are processing the same information and inform them
of the
delisting request.
(D). Prevent the article from being listed in search results no matter what search terms
are entered
into the search engine. - ANSWER-(A). Notify the newspaper that its article it is delisting
the article.
Which of the following is NOT a role of works councils?
(A). Determining the monetary fines to be levied against employers for data breach
violations of
employee data.
(B). Determining whether to approve or reject certain decisions of the employer that
affect
employees.
(C). Determining whether employees' personal data can be processed or not.
(D). Determining what changes will affect employee working conditions. - ANSWER-C).
Determining whether employees' personal data can be processed or not.
Which of the following would NOT be relevant when determining if a processing activity
would
be considered profiling?
,(A). If the processing is to be performed by a third-party vendor
(B). If the processing involves data that is considered personal data
(C). If the processing of the data is done through automated means
(D). If the processing is used to predict the behavior of data subjects - ANSWER-(D). If
the processing is used to predict the behavior of data subjects
The GDPR forbids the practice of "forum shopping", which occurs when companies do
what?
(A). Choose the data protection officer that is most sympathetic to their business
concerns.
(B). Designate their main establishment in member state with the most flexible
practices.
(C). File appeals of infringement judgments with more than one EU institution
simultaneously.
(D). Select third-party processors on the basis of cost rather than quality of privacy
protection - ANSWER-(B). Designate their main establishment in member state with the
most flexible practices.
Bioface is a company based in the United States. It has no servers, personnel or assets
in the
European Union. By collecting photographs from social media and other web-based
services, such as
newspapers and blogs, it uses machine learning to develop a facial recognition
algorithm. The
algorithm identifies individuals in photographs who are not in its data set based the
algorithm and its
existing dat a. The service collects photographs of data subjects in the European Union
and will
identify them if presented with their photographs. Bioface offers its service to
government agencies
and companies in the United States and Canada, but not to those in the European
Union. Bioface
does not offer the service to individuals.
Why is Bioface subject to the territorial scope of the General Data Protection
Regulation?
(A). It collects data from European Union websites, which constitutes an establishment
in the
European Union.
(B). It offers services in the European Union by identifying data subjects in the
European Union.
(C). It collects data from subjects and uses it for automated processing.
(D). It monitors the behavior of data subjects in the European Union. - ANSWER-A). It
collects data from European Union websites, which constitutes an establishment in the
European Union.
, Which of the following was the first legally binding international instrument in the area of
data protection?
A) Convention 108
B)GDPR
C)Universal Decl of Human Rights
D)EU Directive on Privacy - ANSWER-A) Convention 108
Which area of privacy is a lead supervisory authority's (LSA) MAIN concern?
(A). Data subject rights
(B). Data access disputes
(C). Cross-border processing
(D). Special categories of data - ANSWER-C). Cross-border processing
An employee of company ABCD has just noticed a memory stick containing records of
client
data, including their names, addresses and full contact details has disappeared. The
data on the stick
is unencrypted and in clear text. It is uncertain what has happened to the stick at this
stage, but it
likely was lost during the travel of an employee. What should the company do?
(A). Notify as soon as possible the data protection supervisory authority that a data
breach may have
taken place.
(B). Launch an investigation and if nothing is found within one month, notify the data
protection
supervisory authority.
(C). Invoke the "disproportionate effort" exception under Article 33 to postpone notifying
data
subjects until more information can be gathered.
(D). Immediately notify all the customers of the company that their information has been
accessed by
an unauthorized person. - ANSWER-A). Notify as soon as possible the data protection
supervisory authority that a data breach may have taken place.
An unforeseen power outage results in company Z's lack of access to customer data for
six
hours. According to article 32 of the GDPR, this is considered a breach. Based on the
WP 29's
February, 2018 guidance, company Z should do which of the following?
(A). Notify affected individuals that their data was unavailable for a period of time.
(B). Document the loss of availability to demonstrate accountability
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller IMORA. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.89. You're not tied to anything after your purchase.
