If a company is planning to use closed-circuit television (CCTV) on its premises and is concerned with GDPR compliance, it should first do all of the following EXCEPT?
A. Notify the appropriate data protection authority.
B. Perform a data protection impact assessment (DPIA).
C. Create an information retention policy for those who operate the system.
D. Ensure that safeguards are in place to prevent unauthorized access to the footage.
SCENARIO
Please use the following to answer the next question:
You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular toy stores throughout Europe, the United States and Asia. A large portion of the company's revenue is due to international sales.
The company now wishes to launch a new range of connected toys, ones that can talk and interact with children. The CEO of the company is touting these toys as the next big thing, due to the increased possibilities offered: The figures can answer children's Questions: on various subjects, such as mathematical calculations or the weather. Each figure is equipped with a microphone and speaker and can connect to any smartphone or tablet via Bluetooth. Any mobile device within a 10-meter radius can connect to the toys via Bluetooth as well. The figures can also be associated with other figures (from the same manufacturer) and interact with each other for an enhanced play experience. When a child asks the toy a question, the request is sent to the cloud for analysis, and the answer is generated on cloud servers and sent back to the figure. The answer is given through the figure's integrated speakers, making it appear as though that the toy is actually responding to the child's question. The packaging of the toy does not provide technical details on how this works, nor does it mention that this feature requires an internet connection. The necessary data processing for this has been outsourced to a data center located in South Africa. However, your company has not yet revised its consumer-facing privacy policy to indicate this.
In parallel, the company is planning to introduce a new range of game systems through which consumers can play the characters they acquire in the course of playing the game. The system will come bundled with a portal that includes a Near-Field Communications (NFC) reader. This device will read an RFID tag in the action figure, making the figure come to life onscreen. Each character has its own stock features and abilities, but it is also possible to earn additional ones by accomplishing game goals. The only information stored in the tag relates to the figures' abilities. It is easy to switch characters during the game, and it is possible to bring the figure to locations outside of the home and have the character's abilities remain intact.
What presents the BIGGEST potential privacy issue with the company's practices?
A. The NFC portal can read any data stored in the action figures
B. The information about the data processing involved has not been specified
C. The cloud service provider is in a country that has not been deemed adequate
D. The RFID tag in the action figures has the potential for misuse because of the toy's evolving capabilities
When assessing the level of risk created by a data breach, which of the following would NOT have to be taken into consideration?
A. The ease of identification of individuals.
B. The size of any data processor involved.
C. The special characteristics of the data controller.
D. The nature, sensitivity and volume of personal data.
If a company chooses to ground an international data transfer on the contractual route, which of the following is NOT a valid set of standard contractual clauses?
A. Decision 2001/497/EC (EU controller to non-EU or EEA controller).
B. Decision 2004/915/EC (EU controller to non-EU or EEA controller).
C. Decision 2007/72/EC (EU processor to non-EU or EEA controller).
D. Decision 2010/87/EU (Non-EU or EEA processor from EU controller).
When may browser settings be relied upon for the lawful application of cookies?
A. When a user rejects cookies that are strictly necessary.
B. When users are aware of the ability to adjust their settings.
C. When users are provided with information about which cookies have been set.
D. When it is impossible to bypass the choices made by users in their browser settings.
Which judicial body makes decisions on actions taken by individuals wishing to enforce their rights under EU law?
A. Court of Auditors
B. Court of Justice of European Union
C. European Court of Human Rights
D. European Data Protection Board
Which of the following would most likely NOT be covered by the definition of "personal data" under the GDPR?
A. The payment card number of a Dutch citizen
B. The U.S. social security number of an American citizen living in France
C. The unlinked aggregated data used for statistical purposes by an Italian company
D. The identification number of a German candidate for a professional examination in Germany
Which GDPR principle would a Spanish employer most likely depend upon to annually send the personal data of its employees to the national tax authority?
A. The consent of the employees.
B. The legal obligation of the employer.
C. The legitimate interest of the public administration.
D. The protection of the vital interest of the employees.
SCENARIO
Please use the following to answer the next question:
ProStorage is a multinational cloud storage provider headquartered in the Netherlands. Its CEO. Ruth Brown, has developed a two-pronged strategy for growth: 1) expand ProStorage s global customer base and 2) increase ProStorage's sales force by efficiently onboarding effective teams. Enacting this strategy has recently been complicated by Ruth's health condition, which has limited her working hours, as well as her ability to travel to meet potential customers. ProStorage's Human Resources department and Ruth's Chief of Staff now work together to manage her schedule and ensure that she is able to make all her medical appointments The latter has become especially crucial after Ruth's last trip to India, where she suffered a medical emergency and was hospitalized m New Delhi Unable to reach Ruths family, the hospital reached out to ProStorage and was able to connect with her Chief of Staff, who in coordination with Mary, the head of HR. provided information to the doctors based on accommodate on requests Ruth made when she started a: ProStorage
Why is the additional measure recommended by Jackie sufficient foe using UpFinance?
A. UpFinance is an established 7-year-old business.
B. UpFinance is in a highly regulated financial industry
C. UpFinance is based in a country without surveillance laws.
D. UpFinance implements sufficient data protection measures
SCENARIO
Please use the following to answer the next question:
You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular toy stores throughout Europe, the United States and Asia. A large portion of the company's revenue is due to international sales. The company now wishes to launch a new range of connected toys, ones that can talk and interact with children. The CEO of the company is touting these toys as the next big thing, due to the increased possibilities offered: The figures can answer children's Questions: on various subjects, such as mathematical calculations or the weather. Each figure is equipped with a microphone and speaker and can connect to any smartphone or tablet via Bluetooth. Any mobile device within a 10-meter radius can connect to the toys via Bluetooth as well. The figures can also be associated with other figures (from the same manufacturer) and interact with each other for an enhanced play experience.
When a child asks the toy a QUESTION, the request is sent to the cloud for analysis, and the answer is generated on cloud servers and sent back to the figure. The answer is given through the figure's integrated speakers, making it appear as though that the toy is actually responding to the child's QUESTION. The packaging of the toy does not provide technical details on how this works, nor does it mention that this feature requires an internet connection. The necessary data processing for this has been outsourced to a data center located in South Africa. However, your company has not yet revised its consumer-facing privacy policy to indicate this.
In parallel, the company is planning to introduce a new range of game systems through which consumers can play the characters they acquire in the course of playing the game. The system will come bundled with a portal that includes a Near-Field Communications (NFC) reader. This device will read an RFID tag in the action figure, making the figure come to life onscreen. Each character has its own stock features and abilities, but it is also possible to earn additional ones by accomplishing game goals. The only information stored in the tag relates to the figures' abilities. It is easy to switch characters during the game, and it is possible to bring the figure to locations outside of the home and have the character's abilities remain intact.
To ensure GDPR compliance, what should be the company's position on the issue of consent?
A. The child, as the user of the action figure, can provide consent himself, as long as no information is shared for marketing purposes.
B. Written authorization attesting to the responsible use of children's data would need to be obtained from the supervisory authority.
C. Consent for data collection is implied through the parent's purchase of the action figure for the child.
D. Parental consent for a child's use of the action figures would have to be obtained before any data could be collected.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPP-E exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.