The General Data Protection Regulation (GDPR) specifies fines that may be levied against data controllers for certain infringements. Which of the following will be subject to administrative fines of up to 10 000 000 EUR, or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year?
A. Failure to demonstrate that consent was given by the data subject to the processing of their personal data where it is used as the basis for processing
B. Failure to implement technical and organizational measures to ensure data protection is enshrined by design and default
C. Failure to process personal information in a manner compatible with its original purpose
D. Failure to provide the means for a data subject to rectify inaccuracies in personal data
What is the key factor that lays the foundation for all other elements of a privacy program?
A. The applicable privacy regulations
B. The structure of a privacy team
C. A privacy mission statement
D. A responsible internal stakeholder
If your organization has a recurring issue with colleagues not reporting personal data breaches, all of the following are advisable to do EXCEPT?
A. Carry out a root cause analysis on each breach to understand why the incident happened.
B. Communicate to everyone that breaches must be reported and how they should be reported.
C. Provide role-specific training to areas where breaches are happening so they are more aware.
D. Distribute a phishing exercise to all employees to test their ability to recognize a threat attempt.
If done correctly, how can a Data Protection Impact Assessment (DPIA) create a win/win scenario for organizations and individuals?
A. By quickly identifying potentially problematic data attributes and reducing the risk exposure.
B. By allowing Data Controllers to solicit feedback from individuals about how they feel about the potential data processing.
C. By enabling Data Controllers to be proactive in their analysis of processing activities and ensuring compliance with the law.
D. By better informing about the risks associated with the processing activity and improving the organization's transparency with individuals.
Which of the following indicates you have developed the right privacy framework for your organization?
A. It includes a privacy assessment of each major system.
B. It improves the consistency of the privacy program.
C. It works at a different type of organization.
D. It identifies all key stakeholders by name.
SCENARIO
Please use the following to answer the next QUESTION:
Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help run his aging grandfather's law practice. The elder McAdams desired a limited, lighter role in the practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and assesses the office's strategies for growth.
Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to modernize the office, mostly in regard to the handling of clients' personal data. His first goal is to digitize all the records kept in file cabinets, as many of the documents contain personally identifiable financial and medical data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier/ printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing policy by the year's end.
Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the
following day, to get insight into how the office computer system is currently set-up and managed.
Richard believes that a transition from the use of fax machine to Internet faxing provides all of the following security benefits EXCEPT?
A. Greater accessibility to the faxes at an off-site location.
B. The ability to encrypt the transmitted faxes through a secure server.
C. Reduction of the risk of data being seen or copied by unauthorized personnel.
D. The ability to store faxes electronically, either on the user's PC or a password-protected network server.
Which of the following helps build trust with customers and stakeholders?
A. Only publish what is legally necessary to reduce your liability.
B. Enable customers to view and change their own personal information within a dedicated portal.
C. Publish your privacy policy using broad language to ensure all of your organization's activities are captured.
D. Provide a dedicated privacy space with the privacy policy, explanatory documents and operation frameworks.
What have experts identified as an important trend in privacy program development?
A. The narrowing of regulatory definitions of personal information.
B. The rollback of ambitious programs due to budgetary restraints.
C. The movement beyond crisis management to proactive prevention.
D. The stabilization of programs as the pace of new legal mandates slows.
SCENARIO
Please use the following to answer the next QUESTION:
Manasa is a product manager at Omnipresent Omnimedia, where she is responsible for leading the development of the company's flagship product, the Handy Helper. The Handy Helper is an application that can be used in the home to manage family calendars, do online shopping, and schedule doctor appointments. After having had a successful launch in the United States, the Handy Helper is about to be made available for purchase worldwide. The packaging and user guide for the Handy Helper indicate that it is a "privacy friendly" product suitable for the whole family, including children, but does not provide any further detail or privacy notice. In order to use the application, a family creates a single account, and the primary user has access to all information about the other users. Upon start up, the primary user must check a box consenting to receive marketing emails from Omnipresent Omnimedia and selected marketing partners in order to be able to use the application.
Sanjay, the head of privacy at Omnipresent Omnimedia, was working on an agreement with a European distributor of Handy Helper when he fielded many Questions about the product from the distributor. Sanjay needed to look more closely at the product in order to be able to answer the Questions as he was not involved in the product development process.
In speaking with the product team, he learned that the Handy Helper collected and stored all of a user's sensitive medical information for the medical appointment scheduler. In fact, all of the user's information is stored by Handy Helper for the additional purpose of creating additional products and to analyze usage of the
product. This data is all stored in the cloud and is encrypted both during transmission and at rest.
Consistent with the CEO's philosophy that great new product ideas can come from anyone, all Omnipresent Omnimedia employees have access to user data under a program called Eureka. Omnipresent Omnimedia is hoping that at some point in the future, the data will reveal insights that could be used to create a fully automated application that runs on artificial intelligence, but as of yet, Eureka is not well-defined and is considered a long-term goal.
What can Sanjay do to minimize the risks of offering the product in Europe?
A. Sanjay should advise the distributor that Omnipresent Omnimedia has certified to the Privacy Shield Framework and there should be no issues.
B. Sanjay should work with Manasa to review and remediate the Handy Helper as a gating item before it is released.
C. Sanjay should document the data life cycle of the data collected by the Handy Helper.
D. Sanjay should write a privacy policy to include with the Handy Helper user guide.
While trying to e-mail her manager, an employee has e-mailed a list of all the company's customers, including their bank details, to an employee with the same name at a different company. Which of the following would be the first stage in the incident response plan under the General Data Protection Regulation (GDPR)?
A. Notification to data subjects.
B. Containment of impact of breach.
C. Remediation offers to data subjects.
D. Notification to the Information Commissioner's Office (ICO).
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPM exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.