Exam Details

  • Exam Code: CIPM
  • Exam Name: Certified Information Privacy Manager
  • Certification: IAPP Certifications
  • Vendor: IAPP
  • Total Questions: 230 Q&As
  • Last Updated: Apr 29, 2024

IAPP IAPP Certifications CIPM Questions & Answers

  • Question 1:

    The best way to help ensure that reasonable and appropriate security measures are in place to protect personal data is to establish?

    A. A stricter credentialling process so that only employees, and not contractors, have access to sensitive personal data.

    B. A privilege management process so that only certain employees or contractors have the ability to alter or delete personal data.

    C. A physical security policy that prohibits contractors from bringing personal devices into any environment, but permits employees to do so.

    D. A quarterly audit of both the test and development environments to validate alterations or deletions of any data by employees and contractors.

  • Question 2:

    As the Data Protection Officer (DPO) for the growing company, Vision 3468, what would be the most cost-effective way to monitor changes in laws and regulations?

    A. Engage an external lawyer.

    B. Regularly engage regulators.

    C. Attend workshops and interact with other professionals.

    D. Subscribe to mailing lists that report on regulatory changes.

  • Question 3:

    A “right to erasure” request could be rejected if the processing of personal data is for?

    A. An outdated original purpose.

    B. Compliance with legal obligation.

    C. The offer of information society services.

    D. The establishment of personal legal claims.

  • Question 4:

    A marketing team regularly exports spreadsheets to use for analysis including customer name, birthdate and home address. These spreadsheets are routinely shared between members of various teams via email even with employees that do not need such granular data.

    What is the best way to lower overall risk?

    A. Set up security measures in the company's email client to prevent spreadsheets with customer information from accidentally being sent to external recipients.

    B. Anonymize exportable data by creating categories of information, like age range and geographic region.

    C. Allow the free exchange of information to continue but require spreadsheets be password protected.

    D. Allow only certain users to export customer data from the database.

  • Question 5:

    Post-liquidation, a company that has acquired assets would require separate consent from a data subject if personally identifiable data were being retained for which purpose?

    A. For tax purposes.

    B. For analytical purposes.

    C. To be able to ensure payment of pension funds.

    D. To secure employment benefits for former employees.

  • Question 6:

    Training and awareness metrics in a privacy program are necessary to?

    A. Identify data breaches.

    B. Implement privacy policies.

    C. Demonstrate compliance with regulations.

    D. Educate customers on the organization's data practices.

  • Question 7:

    Which of the following information must be provided by the data controller when complying with the General Data Protection Regulation (GDPR) “right to access” requirements?

    A. The purpose of personal data processing.

    B. The data subject's right to withdraw consent.

    C. The contact details of the Data Protection Officer (DPO).

    D. The type of organizations with whom personal data was shared.

  • Question 8:

    Which of the following conditions will definitely trigger a Data Protection Impact Assessment (DPIA)?

    A. When a company acquires a new business entity.

    B. When Human Resources engages a new employee benefit provider.

    C. When a new system is deployed to track an individual's location or behavior.

    D. When a new application is developed to track data subject access requests.

  • Question 9:

    The least useful metric for optimizing the design of your data subject request workflow is tracking the number of data subjects who?

    A. Made requests by geographic origin.

    B. Used an automated service for the request.

    C. Made requests to know vs. requests to be deleted.

    D. Authorized another person to make the request on their behalf.

  • Question 10:

    During a merger and acquisition, the most comprehensive review of privacy risks and gaps occurs when conducting what activity?

    A. Transfer Impact Assessment (TIA).

    B. Risk identification review.

    C. Due diligence.

    D. Integration.
