100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CIPP/E EXAM WITH ACTUAL CORRECT QUESTIONS AND VERIFIED DETAILED ANSWERS |FREQUENTLY TESTED QUESTIONS AND SOLUTIONS |ALREADY GRADED A+|NEWEST|GUARANTEED PASS |LATEST UPDATE CONTAINS (VERSION A, B AND C) $20.49   Add to cart

Exam (elaborations)

CIPP/E EXAM WITH ACTUAL CORRECT QUESTIONS AND VERIFIED DETAILED ANSWERS |FREQUENTLY TESTED QUESTIONS AND SOLUTIONS |ALREADY GRADED A+|NEWEST|GUARANTEED PASS |LATEST UPDATE CONTAINS (VERSION A, B AND C)

 10 views  0 purchase
  • Course
  • CIPP/E
  • Institution
  • CIPP/E

CIPP/E EXAM WITH ACTUAL CORRECT QUESTIONS AND VERIFIED DETAILED ANSWERS |FREQUENTLY TESTED QUESTIONS AND SOLUTIONS |ALREADY GRADED A+|NEWEST|GUARANTEED PASS |LATEST UPDATE CONTAINS (VERSION A, B AND C)

Preview 4 out of 32  pages

  • September 25, 2024
  • 32
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • CIPP/E
  • CIPP/E
avatar-seller
chokozilowreh
CIPP/E EXAM 2 2024-2025 WITH ACTUAL
CORRECT QUESTIONS AND VERIFIED
DETAILED ANSWERS |FREQUENTLY TESTED
QUESTIONS AND SOLUTIONS |ALREADY
GRADED A+|NEWEST|GUARANTEED PASS
|LATEST UPDATE CONTAINS (VERSION A, B
AND C)



CIPP/E EXAM VERSION A
If a multi-national company wanted to conduct background checks on all current and
potential employees, including those based in Europe, what key provision would the company have
to follow?

(A). Background checks on employees could be performed only under prior notice to all employees.
(B). Background checks are only authorized with prior notice and express consent from all employees
including those based in Europe.
(C). Background checks on European employees will stem from data protection and employment law,
which can vary between member states.
(D). Background checks may not be allowed on European employees, but the company can create
lists based on its legitimate interests, identifying individuals who are ineligible for employment.

(C). Background checks on European employees will stem from data protection and employment law,
which can vary between member states.

To which of the following parties does the territorial scope of the GDPR NOT apply?

A) All member countries of the EEA (European Economic Area)
B) All member countries party to the treaty of lisbon
C) All member countries party to the Paris Agreement
D) All member countries of the EU

A) All member countries of the EEA (European Economic Area)



1|Page

,According to the GDPR, when should the processing of photographs be considered
processing of special categories of personal data?

(A). When processed with the intent to publish information regarding a natural person on publicly
accessible media.
(B). When processed with the intent to proceed to scientific or historical research projects.
(C). When processed with the intent to uniquely identify or authenticate a natural person.
(D). When processed with the intent to comply with a law.

(C). When processed with the intent to uniquely identify or authenticate a natural person.

As per the GDPR, which legal basis would be the most appropriate for an online shop that
wishes to process personal data for the purpose of fraud prevention?

(A). Protection of the interests of the data subjects.
(B). Performance of a contact
(C). Legitimate interest
(D). Consent

(D). Consent

Under Article 80(1) of the GDPR, individuals can elect to be represented by not-for-profit
organizations in a privacy group litigation or class action. These organizations are commonly known
as?

(A). Law firm organizations.
(B). Civil society organizations.
(C). Human rights organizations.
(D). Constitutional rights organizations.

(A). Law firm organizations.

In which scenario is a Controller most likely required to undertake a Data Protection Impact
Assessment?

(A). When the controller is collecting email addresses from individuals via an online registration form
for marketing purposes.
(B). When personal data is being collected and combined with other personal data to profile the
creditworthiness of individuals.
(C). When the controller is required to have a Data Protection Officer.
(D). When personal data is being transferred outside of the EEA.

(C). When the controller is required to have a Data Protection Officer.

According to the GDPR, what is the main task of a Data Protection Officer (DPO)?

(A). To create and maintain records of processing activities.
(B). To conduct Privacy Impact Assessments on behalf of the controller or processor.

2|Page

,(C). To monitor compliance with other local or European data protection provisions.
(D). To create procedures for notification of personal data breaches to competent supervisory
authorities.

B). To conduct Privacy Impact Assessments on behalf of the controller or processor.

Which of the following countries will continue to enjoy adequacy status under the GDPR,
pending any future European Commission decision to the contrary?

(A). Greece
(B). Norway
(C). Australia
(D). Switzerland

(D). Switzerland

Discover which employees are accessing cloud services and from which devices and apps Lock down
the data in those apps and devices Monitor and analyze the apps and devices for compliance Manage
application life cycles Monitor data sharing An organization should perform these steps to do which
of the following?

(A). Pursue a GDPR-compliant Privacy by Design process.
(B). Institute a GDPR-compliant employee monitoring process.
(C). Maintain a secure Bring Your Own Device (BYOD) program.
(D). Ensure cloud vendors are complying with internal data use policies.

(C). Maintain a secure Bring Your Own Device (BYOD) program.



A German data subject was the victim of an embarrassing prank 20 years ago. A newspaper
website published an article about the prank at the time, and the article is still available on the
newspaper's website. Unfortunately, the prank is the top search result when a user searches on the
victim's name. The data subject requests that SearchCo delist this result. SearchCo agrees, and
instructs its technology team to avoid scanning or indexing the article.

What else must SearchCo do?

(A). Notify the newspaper that its article it is delisting the article.
(B). Fully erase the URL to the content, as opposed to delist which is mainly based on data subject's
name.
(C). Identify other controllers who are processing the same information and inform them of the
delisting request.
(D). Prevent the article from being listed in search results no matter what search terms are entered
into the search engine.

(A). Notify the newspaper that its article it is delisting the article.


3|Page

, Which of the following is NOT a role of works councils?
(A). Determining the monetary fines to be levied against employers for data breach violations of
employee data.

(B). Determining whether to approve or reject certain decisions of the employer that affect
employees.
(C). Determining whether employees' personal data can be processed or not.
(D). Determining what changes will affect employee working conditions.

C). Determining whether employees' personal data can be processed or not.

Which of the following would NOT be relevant when determining if a processing activity would
be considered profiling?

(A). If the processing is to be performed by a third-party vendor
(B). If the processing involves data that is considered personal data
(C). If the processing of the data is done through automated means
(D). If the processing is used to predict the behavior of data subjects

(D). If the processing is used to predict the behavior of data subjects

The GDPR forbids the practice of "forum shopping", which occurs when companies do what?

(A). Choose the data protection officer that is most sympathetic to their business concerns.
(B). Designate their main establishment in member state with the most flexible practices.
(C). File appeals of infringement judgments with more than one EU institution simultaneously.
(D). Select third-party processors on the basis of cost rather than quality of privacy protection

(B). Designate their main establishment in member state with the most flexible practices.

Bioface is a company based in the United States. It has no servers, personnel or assets in the
European Union. By collecting photographs from social media and other web-based services, such as
newspapers and blogs, it uses machine learning to develop a facial recognition algorithm. The
algorithm identifies individuals in photographs who are not in its data set based the algorithm and its
existing dat a. The service collects photographs of data subjects in the European Union and will
identify them if presented with their photographs. Bioface offers its service to government agencies
and companies in the United States and Canada, but not to those in the European Union. Bioface
does not offer the service to individuals.
Why is Bioface subject to the territorial scope of the General Data Protection Regulation?

(A). It collects data from European Union websites, which constitutes an establishment in the
European Union.
(

A). It collects data from European Union websites, which constitutes an establishment in the European
Union.



4|Page

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller chokozilowreh. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $20.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

79223 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$20.49
  • (0)
  Add to cart