CIPP/E Competency study guide Exam test questions with approved Marking Scheme 2024/2025
The first legally binding international instrument in the field of
data protection - correct answer Convention 108
Like the earlier resolutions, Convention 108 ensures appropriate
protections for individual privacy but also - correct answer
recognises the importance of the free flow of personal data for
commerce and the exercise of public functions
Convention 108 comprises 27 articles and has three main parts: -
correct answer 'Basic principles of data protection' (Chapter
II, Articles 4-11)
'Transborder data flows' (Chapter III, Article 12)
'Mutual assistance' provisions (Chapter IV, Articles 13-17)
2002/58/EC of the European Parliament and of the Council of 12
July 2002 concerning the processing of personal data and the
protection of privacy in the electronic communications sector -
correct answer The ePrivacy Directive
Member states are required to ensure the confidentiality of
communications and of the traffic data generated by such
communications, subject to specific exceptions, including where
users of such services give their consent to interception and
surveillance or where the interception and surveillance is
authorised by law. - correct answer ePrivacy Directive
Most forms of digital marketing, including emails, SMS and MMS
messaging and faxes, but not person-to-person telephone
marketing, require prior (opt-in) consent - correct answer
ePrivacy Directive
Specifically, Article 13 ('Unsolicited communications') now
provides a right for individuals and organisations - including
internet service providers (ISPs) - to bring legal proceedings
against unlawful communications. - correct answer ePrivacy
The NIS Directive has three main objectives: - correct answer
Improving national cybersecurity capabilities by requiring each
member state to set up a Computer Security Incident Response
Team (CSIRT) and a competent national Network Information
Systems Authority.
Building cooperation at the EU level by setting up a cooperation
group across the member states in order to support and facilitate
strategic cooperation and the exchange of information. Member
states are also required to set up a CSIRT network in order to
promote swift and effective operational cooperation on specific
cybersecurity incidents and to share information about risks.
Promoting a culture of risk management and incident reporting
among key economic actors, notably operators providing
essential services (OES) such as energy, transport, water,
banking, financial market infrastructures, healthcare and digital
infrastructure, and digital service providers (DSPs) such as
search engines, cloud computing services and online
marketplaces. Each member state is responsible for identifying
the companies to which the NIS Directive will apply as well as
the exact form it will take.
The GDPR has a broad scope, but there are types of processing
to which it does not apply: - correct answer (e.g., processing
for domestic purposes, or processing which is regulated by
another EU data protection law, such as Regulation 45/2001,
which applies to the processing of personal data by EU
institutions)
Territorial Scope: the regulation applies for - correct answer
To EU-established organisations (see Section 5.2.1).
On a long-arm, extraterritorial basis to organisations which offer
to sell goods or services to or who monitor individuals in the EU
(see Section 5.2.2).
The accessibility of a website is (enough / not enough) to
constitute territorial scope for GDPR - correct answer Not
enough
An app developer based in Canada with no establishment in the
EU but which monitors the behaviour of app users in the EU
would / would not be subject to GDPR under Article 3(2)(b) -
correct answer would be
Article 2(2)(a) states that the Regulation does not apply to the
processing of personal data 'in the course of an activity which
falls outside the scope of ______ _________'. This covers processing
operations that concern public security, defence and national
security. - correct answer Union law