Assuming that the "without undue delay" provision is followed, what is the time limit for complying with a data access request?
A. Within 40 days of receipt

A private company has establishments in France, Poland, the United Kingdom and, most prominently, Germany, where its headquarters is established. The company offers its services worldwide. Most of the services are designed in Germany and supported in the other establishments. However, one of the services, a Software as a Service (SaaS) application, was defined and implemented by the Polish establishment. It is also supported by the other establishments.
What is the lead supervisory authority for the SaaS service?
A. The supervisory authority of Germany at federal level.

Which area of privacy is a lead supervisory authority's (LSA) MAIN concern?
A. Data subject rights

Which of the following would MOST likely trigger the extraterritorial effect of the GDPR, as specified by Article 3?
A. The behavior of suspected terrorists being monitored by EU law enforcement bodies.

Through a combination of hardware failure and human error, the decryption key for a bank's customer account transaction database has been lost. An investigation has determined that this was not the result of hacking or malfeasance, simply an unfortunate combination of circumstances.
Which of the following accurately indicates the nature of this incident?
A. A data breach has not occurred because the loss was not the result of hacking.

What is the primary purpose of Convention 108+, which amends the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data?
A. To issue updated guidelines for data transfers from the EU to third-country signatories to the Convention.

According to Art 23 GDPR, which of the following data subject rights can NOT be restricted?
A. Right to restriction of processing.

Articles 13 and 14 of the GDPR provide details on the obligation of data controllers to inform data subjects when collecting personal data. However, both articles specify an exemption for situations in which the data subject already has the information.
Which other situation would also exempt the data controller from this obligation under Article 14?
A. When providing the information would go against a police order.

SCENARIO
Please use the following to answer the next question:
Financially, it has been a very good year at ARRA Hotels: Their 21 hotels, located in Greece (5), Italy (15) and Spain (1), have registered their most profitable results ever. To celebrate this achievement, ARRA Hotels' Human Resources office, based in ARRA's main Italian establishment, has organized a team event for its 420 employees and their families at its hotel in Spain.
Upon arrival at the hotel, each employee and family member is given an electronic wristband at the reception desk. The wristband serves a number of functions:
1. Allows access to the "party zone" of the hotel, and emits a buzz if the user approaches any unauthorized areas
2. Allows up to three free drinks for each person of legal age, and emits a buzz once this limit has been reached
3. Grants a unique ID number for participating in the games and contests that have been planned.
Along with the wristband, each guest receives a QR code that leads to the online privacy notice describing the use of the wristband. The page also contains an unchecked consent checkbox. In the case of employee family members under the age of 16, consent must be given by a parent.
Among the various activities planned for the event, ARRA Hotels' HR office has autonomously set up a photocall area, separate from the main event venue, where employees can come and have their pictures taken in traditional carnival costume. The photos will be posted on ARRA Hotels' main website for general marketing purposes.
On the night of the event, an employee from one of ARRA's Greek hotels is displeased with the results of the photos in which he appears. He intends to file a complaint with the relevant supervisory authority in regard to the following:
1. The lack of any privacy notice in the separate photocall area
2. The unlawful cross-border processing of his personal data
3. The unacceptable aesthetic outcome of his photos
Why would consent NOT be considered an adequate legal basis for accessing the party zone?
A. The consent is not completely unambiguous.

An organization receives a request multiple times from a data subject seeking to exercise his rights with respect to his own personal data. Under what condition can the organization charge the data subject a fee for processing the request?
A. Only where the organization can show that it is reasonable to do so because more than one request was made.