According to the EDPB Guidelines 01/2021 on Examples regarding Personal Data Breach Notification, if exfiltration of job application data (submitted through online application forms and stored on a webserver) resulted in personal information being accessible to unauthorized persons, this would be primarily considered what kind of breach?
A. An integrity breach.
B. An accuracy breach.
C. An availability breach.
D. A confidentiality breach.
If a company receives an anonymous email demanding ransom for the stolen personal data of its clients, what must the company do next, per GDPR requirements?
A. Notify the police and file a criminal complaint about the incident.
B. Start an investigation to understand the incident's possible scope, duration and nature.
C. Send a notification to the competent supervisory authority describing the incident.
D. Send an email about the incident to all clients and ask them to change their passwords.
ISO 31700 has set forth requirements relating to consumer products and services. In particular, this international standard focuses on the implementation of which of the following?
A. Privacy by design.
B. Comprehensive ethical AI software.
C. Privacy notices for companies providing services to consumers.
D. Automated systems for identifying EU data subjects' personal data.
In the wake of the Schrems II ruling, which of the following actions has been recommended by the EDPB for companies transferring personal data to third countries?
A. Adopting a risk-based approach and implementing supplementary measures as needed.
B. Ensuring that all data transfers are encrypted with unbreakable encryption algorithms.
C. Obtaining explicit consent from each EU citizen for every individual data transfer.
D. Storing all personal data within the borders of the European Union.
Which failing of Privacy Shield, cited by the CJEU as a reason for its invalidation, is the Trans-Atlantic Data Privacy Framework intended to address?
A. Data Subject Rights.
B. Right of Action.
C. Necessity.
D. Consent.
Pursuant to the EDPB Guidelines 8/2022, all of the following criteria must be considered when identifying a lead supervisory authority of a controller EXCEPT?
A. Determining where the controller has its place of central administration in the EEA.
B. Determining the supervisory authority where the place of central administration of the controller is located.
C. Determining the supervisory authority according to what has been identified by the controller as the authority to which data subjects can lodge complaints.
D. Determining if decisions on the processing are taken in another establishment in the EEA, and if that establishment has the power to implement those decisions.
Which of the following elements does NOT need to be presented to a data subject in order to collect valid consent for the use of cookies?
A. A "Cookies Settings" button.
B. A "Reject All" cookies button.
C. A list of cookies that may be placed.
D. Information on the purpose of the cookies.
Following the United Kingdom's withdrawal from the European Union, what law do companies established in the UK and processing the personal data of people in the EU need to adhere to?
A. The Privacy and Electronic Communications Regulations.
B. The EU General Data Protection Regulation.
C. The UK General Data Protection Regulation.
D. The UK Data Protection Act.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPP-E exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.