Which of the following regulates the use of electronic communications services within the European Union?
A. Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015.
B. Regulation (EU) 2017/1953 of the European Parliament and of the Council of 25 October 2017.
C. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002.
D. Directive (EU) 2019/789 of the European Parliament and of the Council of 17 April 2019.
Which of the following is NOT an explicit right granted to data subjects under the GDPR?
A. The right to request access to the personal data a controller holds about them.
B. The right to request the deletion of data a controller holds about them.
C. The right to opt out of the sale of their personal data to third parties.
D. The right to request restriction of processing of personal data, under certain scenarios.
A company in France suffers a robbery over the weekend owing to a faulty alarm system. When it is determined that the break-in involves the loss of a substantial amount of data, the company decides on a CCTV system to monitor for future incidents. Company technicians install cameras in the entrance of the building, hallways and offices. Footage is recorded continuously, and is monitored by the home office in the United States. What is the most realistic step the company could take to address their security concerns and comply with the personal data processing principles set out in Article 5 of the GDPR?
A. Seek informed consent from company employees.
B. Have cameras recording during work hours only.
C. Retain captured footage for no more than 30 days.
D. Restrict camera placement to building entrances only.
SCENARIO
Please use the following to answer the next question:
T-Craze, a German-headquartered specialty t-shirt company, was successfully selling to large German metropolitan cities. However, after a recent merger with another German-based company that was selling to a broader European market, T-Craze revamped its marketing efforts to sell to a wider audience. These efforts included a complete redesign of its logo to reflect the recent merger, and improvements to its website meant to capture more information about visitors through the use of cookies.
T-Craze also opened various office locations throughout Europe to help expand its business. While Germany continued to host T-Craze's headquarters and main product-design office, its French affiliate became responsible for all marketing and sales activities. The French affiliate recently procured the services of Right Target, a renowned marketing firm based in the Philippines, to run its latest marketing campaign. After thorough research, Right Target determined that T-Craze is most successful with customers between the ages of 18 and 22. Thus, its first campaign targeted university students in several European capitals, which yielded nearly 40% new customers for T-Craze in one quarter. Right Target also ran subsequent campaigns for T-Craze, though with much less success. The last two campaigns included a wider demographic group and resulted in countless unsubscribe requests, including a large number in Spain. In fact, the Spanish data protection authority received a complaint from Sofia, a mid-career investment banker. Sofia was upset after receiving a marketing communication even after unsubscribing from such communications from Right Target on behalf of T-Craze.
Why does the Spanish supervisory authority notify the French supervisory authority when it opens an investigation into T-Craze based on Sofia's complaint?
A. T-Craze has a French affiliate.
B. The French affiliate procured the services of Right Target.
C. T-Craze conducts its marketing and sales activities in France.
D. The Spanish supervisory authority is providing a courtesy notification not required under the GDPR.
SCENARIO
Please use the following to answer the next question:
Zandelay Fashion ("Zandelay") is a successful international online clothing retailer that employs approximately 650 people at its headquarters based in Dublin, Ireland. Martin is their recently appointed data protection officer, who oversees the company's compliance with the General Data Protection Regulation (GDPR) and other privacy legislation.
The company offers both male and female clothing lines across all age demographics, including children. In doing so, the company processes large amounts of information about such customers, including preferences and sensitive financial information such as credit card and bank account numbers.
In an aggressive bid to build revenue growth, Jerry, the CEO, tells Martin that the company is launching a new mobile app and loyalty scheme that puts significant emphasis on profiling the company's customers by analyzing their purchases.
Martin tells the CEO that:
(a) the potential risks of such activities mean that Zandelay needs to carry out a data protection impact assessment to assess this new venture and its privacy implications; and (b) where the results of this assessment indicate a high risk in the absence of appropriate protection measures, Zandelay may have to undertake a prior consultation with the Irish Data Protection Commissioner before implementing the app and loyalty scheme.
Jerry tells Martin that he is not happy about the prospect of having to directly engage with a supervisory authority and having to disclose details of Zandelay's business plan and associated processing activities.
What would MOST effectively assist Zandelay in conducting their data protection impact assessment?
A. Information about DPIAs found in Articles 38 through 40 of the GDPR.
B. Data breach documentation that data controllers are required to maintain.
C. Existing DPIA guides published by local supervisory authorities.
D. Records of processing activities that data controllers are required to maintain.
WP29's "Guidelines on Personal data breach notification under Regulation 2016/679" provides examples of ways to communicate data breaches transparently. Which of the following was listed as a method that would NOT be effective for communicating a breach to data subjects?
A. A postal notification
B. A direct electronic message
C. A notice on a corporate blog
D. A prominent advertisement in print media
A company has collected personal data for direct marketing purposes on the basis of consent. It is now considering using this data to develop new products through analytics. What is the company first required to do?
A. Obtain specific consent for the new processing
B. Only inform the data subjects of the new purpose.
C. Proceed no further, as such repurposing is unlawful
D. Update the privacy notice upon which consent was given
In which of the following cases would an organization MOST LIKELY be required to follow both ePrivacy and data protection rules?
A. When creating an untargeted pop-up ad on a website.
B. When calling a potential customer to notify her of an upcoming product sale.
C. When emailing a customer to announce that his recent order should arrive earlier than expected.
D. When paying a search engine company to give prominence to certain products and services within specific search results.
In which case would a controller who has undertaken a DPIA most likely need to consult with a supervisory authority?
A. Where the DPIA identifies that personal data needs to be transferred to other countries outside of the EEA.
B. Where the DPIA identifies high risks to individuals' rights and freedoms that the controller can take steps to reduce.
C. Where the DPIA identifies that the processing being proposed collects the sensitive data of EU citizens.
D. Where the DPIA identifies risks that will require insurance for protecting its business interests.
How does the GDPR now define "processing"?
A. Any act involving the collecting and recording of personal data.
B. Any operation or set of operations performed on personal data or on sets of personal data.
C. Any use or disclosure of personal data compatible with the purpose for which the data was collected.
D. Any operation or set of operations performed by automated means on personal data or on sets of personal data.