Exam Details

  • Exam Code: CIPP-E
  • Exam Name: Certified Information Privacy Professional/Europe (CIPP/E)
  • Certification: IAPP Certifications
  • Vendor: IAPP
  • Total Questions: 298 Q&As
  • Last Updated: May 08, 2025

IAPP IAPP Certifications CIPP-E Questions & Answers

  • Question 111:

    If a data subject puts a complaint before a DPA and receives no information about its progress or outcome, how long does the data subject have to wait before taking action in the courts?

    A. 1 month.

    B. 3 months.

    C. 5 months.

    D. 12 months.

  • Question 112:

    In the EDPB's Guidelines 4/2019 on Article 25 Data Protection by Design and by Default, all of the following practices follow from the principles relating to the processing of personal data under EU data protection law EXCEPT?

    A. Data ownership allocation.

    B. Access control management.

    C. Frequent pseudonymization key rotation.

    D. Error propagation avoidance along the processing chain.

  • Question 113:

    Which of the following is NOT a role of works councils?

    A. Determining the monetary fines to be levied against employers for data breach violations of employee data.

    B. Determining whether to approve or reject certain decisions of the employer that affect employees.

    C. Determining whether employees' personal data can be processed or not.

    D. Determining what changes will affect employee working conditions.

  • Question 114:

    SCENARIO Please use the following to answer the next question:

    Gentle Hedgehog Inc. is a privately owned website design agency incorporated in Italy. The company has numerous remote workers in different EU countries. Recently, the management of Gentle Hedgehog noticed a decrease in productivity of their sales team, especially among remote workers. As a result, the company plans to implement a robust but privacy-friendly remote surveillance system to prevent absenteeism, reward top performers, and ensure the best quality of customer service when sales people are interacting with customers.

    Gentle Hedgehog eventually hires Sauron Eye Inc., a Chinese vendor of employee surveillance software whose European headquarters is in Germany. Sauron Eye's software provides powerful remote-monitoring capabilities, including 24/7 access to computer cameras and microphones, screen captures, emails, website history, and keystrokes. Any device can be remotely monitored from a central server that is securely installed at Gentle Hedgehog headquarters. The monitoring is invisible by default; however, a so-called Transparent Mode, which regularly and conspicuously notifies all users about the monitoring and its precise scope, also exists. Additionally, the monitored employees are required to use a built-in verification technology involving facial recognition each time they log in.

    All monitoring data, including the facial recognition data, is securely stored in Microsoft Azure cloud servers operated by Sauron Eye, which are physically located in France.

    After fixing the privacy problems, how long may Gentle Hedgehog store the monitoring data, assuming that no valid data erasure request is received?

    A. As long as required by the company's legitimate interests.

    B. As long as a concerned employee does not request erasure of the data.

    C. As long as provided by the EDPB guidelines for remote employee monitoring.

    D. As long as stated in the privacy policy that all employees must follow when processing personal data.

  • Question 115:

    SCENARIO Please use the following to answer the next question:

    Gentle Hedgehog Inc. is a privately owned website design agency incorporated in Italy. The company has numerous remote workers in different EU countries. Recently, the management of Gentle Hedgehog noticed a decrease in productivity of their sales team, especially among remote workers. As a result, the company plans to implement a robust but privacy-friendly remote surveillance system to prevent absenteeism, reward top performers, and ensure the best quality of customer service when sales people are interacting with customers.

    Gentle Hedgehog eventually hires Sauron Eye Inc., a Chinese vendor of employee surveillance software whose European headquarters is in Germany. Sauron Eye's software provides powerful remote-monitoring capabilities, including 24/7 access to computer cameras and microphones, screen captures, emails, website history, and keystrokes. Any device can be remotely monitored from a central server that is securely installed at Gentle Hedgehog headquarters. The monitoring is invisible by default; however, a so-called Transparent Mode, which regularly and conspicuously notifies all users about the monitoring and its precise scope, also exists. Additionally, the monitored employees are required to use a built-in verification technology involving facial recognition each time they log in.

    All monitoring data, including the facial recognition data, is securely stored in Microsoft Azure cloud servers operated by Sauron Eye, which are physically located in France.

    Under what condition could the surveillance system be used on the personal devices of employees?

    A. Only if the monitoring system is manufactured by a European vendor storing the monitoring data within the EU.

    B. Only if the employees give valid consent and the monitoring is narrowly limited to their professional tasks.

    C. Only if the cloud that stores the monitoring data is certified by the EDPB as GDPR compliant.

    D. Only if the employer offers an adequate compensation for using the employee's devices.

  • Question 116:

    According to the European Data Protection Board, if a controller that is not established in the EU but still subject to the GDPR becomes aware of a personal data breach, which supervisory authority or authorities must be notified?

    A. Only the supervisory authority of the EU member state in which the controller's EU representative (pursuant to Article 27) is established.

    B. Only one lead supervisory authority, as a controller benefits from the one-stop shop mechanism under the GDPR's enforcement regime.

    C. Every supervisory authority of the EU member states where the controller is offering goods or services.

    D. Every supervisory authority for which affected data subjects reside in their EU member state.

  • Question 117:

    A private company has establishments in France, Poland, the United Kingdom and, most prominently, Germany, where its headquarters is established. The company offers its services worldwide. Most of the services are designed in Germany and supported in the other establishments. However, one of the services, a Software as a Service (SaaS) application, was defined and implemented by the Polish establishment. It is also supported by the other establishments.

    What is the lead supervisory authority for the SaaS service?

    A. The supervisory authority of Germany at federal level.

    B. The supervisory authority of Germany at regional level.

    C. The supervisory authority of the Republic of Poland.

    D. The supervisory authority of the European Union.

  • Question 118:

    All of the following will be established by the second Network and Information Security Directive ("NIS2") EXCEPT?

    A. Baseline cybersecurity measures that each covered entity must address.

    B. Powers to inspect, audit, or require information from covered organizations.

    C. A common controls framework that every organization must adopt.

    D. A new network for EU member states to cooperate on large-scale breaches.

  • Question 119:

    A high-ranking employee has his laptop bag stolen in a train station. In addition to the laptop, the bag contained the employee's ID card, confidential company documents (such as financial information and minutes of board meetings, including participants and their roles), company payment cards, and authorization tokens.

    As the company's Data Protection Officer, what should be your first action?

    A. Inform the appropriate supervisory authority of the breach.

    B. Verify whether the laptop contained personal data and, if so, if it was encrypted.

    C. Inform the meeting participants of the breach and provide them with next steps to be taken.

    D. Request deactivation of the authorization tokens to avoid access to company data, and remotely wipe the laptop.

  • Question 120:

    How can the relationship between the GDPR and the Digital Services Act, the Data Governance Act and the Digital Markets Act most accurately be described?

    A. The aforementioned legal acts do not refer to (i.e., do not mention) the GDPR.

    B. The aforementioned legal acts apply without prejudice (i.e., in parallel) to the GDPR.

    C. The aforementioned legal acts change specific provisions (i.e., certain articles) of the GDPR.

    D. The aforementioned legal acts contain some sector-specific exemptions (i.e., only for certain businesses) from the GDPR.
