CIPP-E Practice Exam Questions & Verified Answers.
Which statement is correct when considering the right to privacy under article 8 of the
European Convention on Human Rights? - Correct Answer The right to privacy has to
be balanced against other rights under the ECHR
What is the one major goal that the OECD Guidelinges, Convention 108, and the
Directive all had in common but largely failed to achieve in Europe? - Correct Answer
The restriction of cross-border data flow
Which EU institution is vested with the competence to propose new data protection
legislation on its own initiative? - Correct Answer Commission
Which institution has the power to adopt findings that confirm the adequacy of the data
protection level in a non-EU country? - Correct Answer European Commission
What type of data lies beyond the scope of the GDPR? - Correct Answer Anonymised
What is the consequence if a processor makes an independent decision regarding the
purposes and means of processing it carries out on behalf of a controller? - Correct
Answer The processor will be considered to be a controller
With the issue of consent, the GDPR allows member states some choice regarding
what? - Correct Answer The age which children must be required to obtain parental
consent
Which sentence BEST summarizes the concepts of Fairness, lawfullness, and
transparency, as expressly required by Article 5 of the GDPR? - Correct Answer
Fairness and transparency refer to the communication of key information before
collecting data; lawfulness refers to compliance with government regulations
Assuming that the "without undue delay" provison is followed, what is the time limit for
complying with a data access request? - Correct Answer 1 month + additional 2 months
Company X has entrusted the processing of their payroll data provider to Y. Provider Y
stores this encrypted data on its server. The IT department of Provider Y finds out that
someone managed to hack into the system and take a copy of the data from its server.
In this scenario, whom does Provider Y have the obligation to notify? - Correct Answer
Company X
Which of the following would require designationg a data protection officer? - Correct
Answer The core activites of the controller or processor consist of processing
operations that require systematic monitoring of data subjects on a large scale. (public
authority or large scal sensitive data would apply as well)
P a g e 1 | 12
, When is a data sharing agreement MOST likely to be needed? - Correct Answer When
personal data is being shared between commercial orgs acting as joint data controllers
An employee of company X has just noticed a memory stick containing records of client
data, including their names, addresses and full contact details has disappeared. The
data on the stick is unencrypted and in clear text. It is uncertain what has happened to
the stick as this stage, but it likely was lost during the travel of an employee. What
should the company do? - Correct Answer Notify as soon as possible the data
protection supervisory authority that a data breach may have taken place
The GDPR specifies fines that may be levied against data controllers for certain
infringements. Which of the following infringements would be subject to the less severe
administrative fine of up to 10 million Euros? - Correct Answer Failure to implement
technical and organisational measures to ensure data protection is enshrined by design
and default
Why is it advisable to avoid consent as a legal basis for an employer to process
employee data? - Correct Answer Consent may not be valid if the employee feels
compelled to provide it
What is true about an employee who makes an access request to his employer for any
personal data held about him? - Correct Answer The employer must supply all the
information held about the employee unless there is an exemption
Discover which employees are accessing cloud services and from which devices and
apps
Lock down the data in those apps and devices
Monitor and analyse the apps and devices for compliance
Manage application life cycles
Monitor data sharing
An organisation should perform these steps to do which of the following? - Correct
Answer Maintain a secure BYOD program
If a company is planning to use CCTV on its premises and is concerned with GDPR
compliance, it should first do all of the following EXCEPT? - Correct Answer Notify the
appropriate data protection authority
In which of the following cases would an organisation MOST LIKELY be required to
follow both ePrivacy and data protection rules? - Correct Answer When calling a
potential customer to notify her of an upcoming product sale
What permissions are required for a marketer to send an email marketing message to a
consumer in the EU? - Correct Answer A prior opt-in consent for consumers unless they
are already customers
P a g e 2 | 12
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Lectjoe. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $17.99. You're not tied to anything after your purchase.