An organisation receives a request multiple times from a data
subject seeking to exercise his
rights with respect to his own personal dat a. Under what
condition can the organisation charge the
data subject for processing the request?
(A). Only where the organisation can show that it is reasonable to
do so because more than one
request was made.
(B). Only to the extent this is allowed under the restrictions on
data subjects' rights introduced under
Art 23 of GDPR.
(C). Only where the administrative costs of taking the action
requested exceeds a certain threshold.
(D). Only if the organisation can demonstrate that the request is
clearly excessive or misguided. ------CORRECT ANSWER----------
-----D). Only if the organisation can demonstrate that the request
is clearly excessive or misguided.
To provide evidence of GDPR compliance, a company performs
an internal audit. As a result, it finds a data base, password-
protected, listing all the social network followers of the client.
Regarding the domain of the controller-processor relationships,
how is this situation considered?
,A) Compliant with the security principle because the database is
password protected
B) Non-compliant, because the storage of the data exceeds the
task contractually authorized by the controller
C) Not applicable because the database is password protected
D) Compliant with the storage limitation principle ------CORRECT
ANSWER---------------B) Non-compliant, because the storage of
the data exceeds the task contractually authorized by the
controller
What are the obligations of a processor that engages a sub-
processor?
(A). The processor must give the controller prior written notice
and perform a preliminary audit of
the sub- processor.
(B). The processor must obtain the controller's specific written
authorization and provide annual
reports on the sub-processor's performance.
(C). The processor must receive a written agreement that the sub-
processor will be fully liable to the
controller for the performance of its obligations in relation to the
personal data concerned.
(D). The processor must obtain the consent of the controller and
ensure the sub-processor complies
with data processing obligations that are equivalent to those that
apply to the processor. ------CORRECT ANSWER---------------C).
The processor must receive a written agreement that the sub-
processor will be fully liable to the controller for the performance
of its obligations in relation to the personal data concerned.
,What permissions are required for a marketer to send an email
marketing message to a
consumer in the EU?
(A). A prior opt-in consent for consumers unless they are already
customers.
(B). A pre-checked box stating that the consumer agrees to
receive email marketing.
(C). A notice that the consumer's email address will be used for
marketing purposes.
(D). No prior permission required, but an opt-out requirement on
all emails sent to consumers. ------CORRECT ANSWER-------------
--A). A prior opt-in consent for consumers unless they are already
customers.
According to the E-Commerce Directive 2000/31/EC, where is the
place of "establishment"
for a company providing services via an Internet website
confirmed by the GDPR?
(A). Where the technology supporting the website is located
(B). Where the website is accessed
(C). Where the decisions about processing are made
(D). Where the customer's Internet service provider is located -----
-CORRECT ANSWER---------------(D). Where the customer's
Internet service provider is located
Which institution has the power to adopt findings that confirm the
adequacy of the data
protection level in a non-EU country?
, (A). The European Parliament
(B). The European Commission
(C). The Article 29 Working Party
(D). The European Council ------CORRECT ANSWER---------------
B). The European Commission
In which of the following situations would an individual most likely
to be able to withdraw her consent for processing?
(A). When she is leaving her bank and moving to another bank.
(B). When she has recently changed jobs and no longer works for
the same company.
(C). When she disagrees with a diagnosis her doctor has
recorded on her records.
(D). When she no longer wishes to be sent marketing materials
from an organization. ------CORRECT ANSWER---------------D).
When she no longer wishes to be sent marketing materials from
an organization.
WP29's "Guidelines on Personal data breach notification under
Regulation 2016/679''
provides examples of ways to communicate data breaches
transparently. Which of the following was
listed as a method that would NOT be effective for communicating
a breach to data subjects?
(A). A postal notification
(B). A direct electronic message
(C). A notice on a corporate blog
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller nevilletadayo. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $25.99. You're not tied to anything after your purchase.
