Exam Details

  • Exam Code: CIPP-E
  • Exam Name: Certified Information Privacy Professional/Europe (CIPP/E)
  • Certification: IAPP Certifications
  • Vendor: IAPP
  • Total Questions: 298 Q&As
  • Last Updated: May 08, 2025

IAPP IAPP Certifications CIPP-E Questions & Answers

  • Question 61:

    What permissions are required for a marketer to send an email marketing message to a consumer in the EU?

    A. A prior opt-in consent for consumers unless they are already customers.

    B. A pre-checked box stating that the consumer agrees to receive email marketing.

    C. A notice that the consumer's email address will be used for marketing purposes.

    D. No prior permission required, but an opt-out requirement on all emails sent to consumers.

  • Question 62:

    How is the GDPR's position on consent MOST likely to affect future app design and implementation?

    A. App developers will expand the amount of data necessary to collect for an app's functionality.

    B. Users will be given granular types of consent for particular types of processing.

    C. App developers' responsibilities as data controllers will increase.

    D. Users will see fewer advertisements when using apps.

  • Question 63:

    You are the new Data Protection Officer for your company and have to determine whether the company has implemented appropriate technical and organizational measures as required by Article 32 of the GDPR. Which of the following would be the most important to consider when trying to determine this?

    A. How security measures might evolve in the future

    B. Which security measures are endorsed by a majority of experts.

    C. How the public perceives what constitutes adequate security measures

    D. Which kinds of security measures your company has employed in the past

  • Question 64:

    A company would like to implement CCTV monitoring in its offices for safety and security purposes. Which of the following would be the best legal basis for the company to rely upon?

    A. Public interest.

    B. Individual consent

    C. Legitimate interest.

    D. Exercise of public authority.

  • Question 65:

    In 2016's Guidance, the United Kingdom's Information Commissioner's Office (ICO) reaffirmed the importance of using a "layered notice" to provide data subjects with what?

    A. A privacy notice containing brief information whilst offering access to further detail.

    B. A privacy notice explaining the consequences for opting out of the use of cookies on a website.

    C. An explanation of the security measures used when personal data is transferred to a third party.

    D. An efficient means of providing written consent in member states where they are required to do so.

  • Question 66:

    According to the European Data Protection Board, which of the following concepts or practices does NOT follow from the principles relating to the processing of personal data under EU data protection law?

    A. Data ownership allocation.

    B. Access control management.

    C. Frequent pseudonymization key rotation.

    D. Error propagation avoidance along the processing chain.

  • Question 67:

    Which sentence BEST summarizes the concepts of "fairness," "lawfulness" and "transparency", as expressly required by Article 5 of the GDPR?

    A. Fairness and transparency refer to the communication of key information before collecting data; lawfulness refers to compliance with government regulations.

    B. Fairness refers to limiting the amount of data collected from individuals; lawfulness refers to the approval of company guidelines by the state; transparency solely relates to communication of key information before collecting data.

    C. Fairness refers to the security of personal data; lawfulness and transparency refers to the analysis of ordinances to ensure they are uniformly enforced.

    D. Fairness refers to the collection of data from diverse subjects; lawfulness refers to the need for legal rules to be uniform; transparency refers to giving individuals access to their data.

  • Question 68:

    Jerry, the Chief Marketing Officer for a sports apparel and trophy company, sells products to schools and athletic clubs globally. Recently the company has decided to invest in a new line of customized sports equipment. Jerry plans to email his current customer base to offer them a discount on their first purchase of such equipment.

    Jerry tells Kate, the Director of Privacy, about his plan. What is the best guidance Kate can provide to Jerry?

    A. Permit Jerry to carry out his plan on the basis of marketing similar products to existing customers.

    B. Require Jerry to send all current customers a second notice to allow them to opt-in to marketing emails

    C. Permit Jerry to carry out his marketing plan on the basis of legitimate interest

    D. Require Jerry to include an option to opt out of marketing emails in the future

  • Question 69:

    An employee of company ABCD has just noticed that a memory stick containing records of client data, including their names, addresses and full contact details, has disappeared. The data on the stick is unencrypted and in clear text. It is uncertain what has happened to the stick at this stage, but it likely was lost during the travel of an employee. What should the company do?

    A. Notify as soon as possible the data protection supervisory authority that a data breach may have taken place.

    B. Launch an investigation and if nothing is found within one month, notify the data protection supervisory authority.

    C. Invoke the "disproportionate effort" exception under Article 33 to postpone notifying data subjects until more information can be gathered.

    D. Immediately notify all the customers of the company that their information has been accessed by an unauthorized person.

  • Question 70:

    SCENARIO

    Please use the following to answer the next question:

    Javier is a member of the fitness club EVERFIT. This company has branches in many EU member states, but for the purposes of the GDPR maintains its primary establishment in France. Javier lives in Newry, Northern Ireland (part of the U.K.), and commutes across the border to work in Dundalk, Ireland. Two years ago while on a business trip, Javier was photographed while working out at a branch of EVERFIT in Frankfurt, Germany. At the time, Javier gave his consent to being included in the photograph, since he was told that it would be used for promotional purposes only. Since then, the photograph has been used in the club's U.K. brochures, and it features in the landing page of its U.K. website. However, the fitness club has recently fallen into disrepute due to widespread mistreatment of members at various branches of the club in several EU member states. As a result, Javier no longer feels comfortable with his photograph being publicly associated with the fitness club.

    After numerous failed attempts to book an appointment with the manager of the local branch to discuss this matter, Javier sends a letter to EVERFIT requesting that his image be removed from the website and all promotional materials. Months pass and Javier, having received no acknowledgment of his request, becomes very anxious about this matter. After repeatedly failing to contact EVERFIT through alternate channels, he decides to take action against the company.

    Javier contacts the U.K. Information Commissioner's Office ('ICO', the U.K.'s supervisory authority) to lodge a complaint about this matter. The ICO, pursuant to Article 56 (3) of the GDPR, informs the CNIL (i.e. the supervisory authority of EVERFIT's main establishment) about this matter. Despite the fact that EVERFIT has an establishment in the U.K., the CNIL decides to handle the case in accordance with Article 60 of the GDPR. The CNIL liaises with the ICO, as relevant under the cooperation procedure. In light of issues amongst the supervisory authorities to reach a decision, the European Data Protection Board becomes involved and, pursuant to the consistency mechanism, issues a binding decision.

    Additionally, Javier sues EVERFIT for the damages caused as a result of its failure to honor his request to have his photograph removed from the brochure and website.

    Assuming that multiple EVERFIT branches across several EU countries are acting as separate data controllers, and that each of those branches was responsible for mishandling Javier's request, how may Javier proceed in order to seek compensation?

    A. He will have to sue EVERFIT's head office in France, where EVERFIT has its main establishment.

    B. He will be able to sue any one of the relevant EVERFIT branches, as each one may be held liable for the entire damage.

    C. He will have to sue each EVERFIT branch so that each branch provides proportionate compensation commensurate with its contribution to the damage or distress suffered by Javier.

    D. He will be able to apply to the European Data Protection Board in order to determine which particular EVERFIT branch is liable for damages, based on the decision that was made by the board.
