Exam Details

  • Exam Code: CIPP-E
  • Exam Name: Certified Information Privacy Professional/Europe (CIPP/E)
  • Certification: IAPP Certifications
  • Vendor: IAPP
  • Total Questions: 298 Q&As
  • Last Updated: May 08, 2025

IAPP IAPP Certifications CIPP-E Questions & Answers

  • Question 21:

    A data controller appoints a data protection officer. Which of the following conditions would NOT result in an infringement of Articles 37 to 39 of the GDPR?

    A. If the data protection officer lacks ISO 27001 auditor certification.

    B. If the data protection officer is provided by the data processor.

    C. If the data protection officer also manages the marketing budget.

    D. If the data protection officer receives instructions from the data controller.

  • Question 22:

    MagicClean is a web-based service located in the United States that matches home cleaning services to customers. It offers its services exclusively in the United States. It uses a processor located in France to optimize its data. Is MagicClean subject to the GDPR?

    A. Yes, because MagicClean is processing data in the EU.

    B. Yes, because MagicClean's data processing agreement with the French processor is an establishment in the EU.

    C. No, because MagicClean is located in the United States only.

    D. No, because MagicClean is not offering services to EU data subjects.

  • Question 23:

    What term BEST describes the European model for data protection?

    A. Sectoral

    B. Self-regulatory

    C. Market-based

    D. Comprehensive

  • Question 24:

    Under Article 21 of the GDPR, a controller must stop profiling when requested by a data subject, unless it can demonstrate compelling legitimate grounds that override the interests of the individual. In the Guidelines on Automated individual decision-making and Profiling, the WP 29 says the controller needs to do all of the following to demonstrate that it has such legitimate grounds EXCEPT?

    A. Carry out an exercise that weighs the interests of the controller and the basis for the data subject's objection.

    B. Consider the impact of the profiling on the data subject's interest, rights and freedoms.

    C. Demonstrate that the profiling is for the purposes of direct marketing.

    D. Consider the importance of the profiling to their particular objective.

  • Question 25:

    Which institution has the power to adopt findings that confirm the adequacy of the data protection level in a non-EU country?

    A. The European Parliament

    B. The European Commission

    C. The Article 29 Working Party

    D. The European Council

  • Question 26:

    SCENARIO

    Please use the following to answer the next question:

    Louis, a long-time customer of Bedrock Insurance, was involved in a minor car accident a few months ago. Although no one was hurt, Louis has been plagued by texts and calls from a company called Accidentable offering to help him recover compensation for personal injury. Louis has heard about insurance companies selling customers' data to third parties, and he's convinced that Accidentable must have gotten his information from Bedrock Insurance.

    Louis has also been receiving an increased amount of marketing information from Bedrock, trying to sell him the full range of their insurance policies.

    Perturbed by this, Louis has started looking at price comparison sites on the internet and has been shocked to find that other insurers offer much cheaper rates than Bedrock, even though he has been a loyal customer for many years. When his Bedrock policy comes up for renewal, he decides to switch to Zantrum Insurance.

    In order to activate his new insurance policy, Louis needs to supply Zantrum with information about his No Claims bonus, his vehicle and his driving history. After researching his rights under the GDPR, he writes to ask Bedrock to transfer his information directly to Zantrum. He also takes this opportunity to ask Bedrock to stop using his personal data for marketing purposes. Bedrock supplies Louis with PDF and XML (Extensible Markup Language) versions of his No Claims Certificate, but tells Louis it cannot transfer his data directly to Zantrum as this is not technically feasible. Bedrock also explains that Louis's contract included a provision whereby Louis agreed that his data could be used for marketing purposes; according to Bedrock, it is too late for Louis to change his mind about this. It angers Louis when he recalls the wording of the contract, which was filled with legal jargon and very confusing. In the meantime, Louis is still receiving unwanted calls from Accidentable Insurance. He writes to Accidentable to ask for the name of the organization that supplied his details to them. He warns Accidentable that he plans to complain to the data protection authority, because he thinks their company has been using his data unlawfully. His letter states that he does not want his data being used by them in any way.

    Accidentable's response letter confirms Louis's suspicions. Accidentable is Bedrock Insurance's wholly owned subsidiary, and they received information about Louis's accident from Bedrock shortly after Louis submitted his accident claim.

    Accidentable assures Louis that there has been no breach of the GDPR, as Louis's contract included a provision in which he agreed to share his information with Bedrock's affiliates for business purposes.

    Louis is disgusted by the way in which he has been treated by Bedrock, and writes to them insisting that all his information be erased from their computer system.

    After Louis has exercised his right to restrict the use of his data, under what conditions would Accidentable have grounds for refusing to comply?

    A. If Accidentable is entitled to use of the data as an affiliate of Bedrock.

    B. If Accidentable also uses the data to conduct public health research.

    C. If the data becomes necessary to defend Accidentable's legal rights.

    D. If the accuracy of the data is not an aspect that Louis is disputing.

  • Question 27:

    In which scenario is a Controller most likely required to undertake a Data Protection Impact Assessment?

    A. When the controller is collecting email addresses from individuals via an online registration form for marketing purposes.

    B. When personal data is being collected and combined with other personal data to profile the creditworthiness of individuals.

    C. When the controller is required to have a Data Protection Officer.

    D. When personal data is being transferred outside of the EEA.

  • Question 28:

    After leaving the EU under the terms of Brexit, the United Kingdom will seek an adequacy determination. What is the reason for this?

    A. The Insurance Commissioner determined that an adequacy determination is required by the Data Protection Act.

    B. Adequacy determinations automatically lapse when a Member State leaves the EU.

    C. The UK is now a third country because it's no longer subject to the GDPR.

    D. The UK is less trustworthy now that it's not part of the Union.

  • Question 29:

    Article 5(1)(b) of the GDPR states that personal data must be "collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes." Based on Article 5(1)(b), what is the impact of a member state's interpretation of the word "incompatible"?

    A. It dictates the level of security a processor must follow when using and storing personal data for two different purposes.

    B. It guides the courts on the severity of the consequences for those who are convicted of the intentional misuse of personal data.

    C. It sets the standard for the level of detail a controller must record when documenting the purpose for collecting personal data.

    D. It indicates the degree of flexibility a controller has in using personal data in ways that may vary from its original intended purpose.

  • Question 30:

    Pursuant to Article 4(5) of the GDPR, data is considered "pseudonymized" if?

    A. It cannot be attributed to a data subject without the use of additional information.

    B. It cannot be attributed to a person under any circumstances.

    C. It can only be attributed to a person by the controller.

    D. It can only be attributed to a person by a third party.
