
Excellent CIPP-E PDF Dumps With 100% BraindumpsIT Exam Passing Guaranted [Sep-2021]
100% Pass Your CIPP-E Certified Information Privacy Professional/Europe (CIPP/E) at First Attempt with BraindumpsIT
NEW QUESTION 108
Under the GDPR, which of the following is true in regard to adequacy decisions involving cross-border transfers?
- A. To be considered as adequate, third countries must implement the EU General Data Protection Regulation into their national legislation.
- B. EU member states are vested with the power to accept or reject a European Commission adequacy decision.
- C. The European Commission can adopt an adequacy decision for individual companies.
- D. The European Commission can adopt, repeal or amend an existing adequacy decision.
Answer: C
Explanation:
Explanation/Reference: https://www.futurelearn.com/courses/general-data-protection-regulation/0/steps/32449
NEW QUESTION 109
In which situation would a data controller most likely be able to justify the processing of the data of a child without parental consent?
- A. When providing the child with materials purely for educational use.
- B. When a legitimate business interest makes obtaining consent impractical.
- C. When providing preventive or counselling services to the child.
- D. When the data is to be processed for market research.
Answer: C
NEW QUESTION 110
SCENARIO
Please use the following to answer the next question:
Jason, a long-time customer of ABC insurance, was involved in a minor car accident a few months ago.
Although no one was hurt, Jason has been plagued by texts and calls from a company called Erbium Insurance offering to help him recover compensation for personal injury. Jason has heard about insurance companies selling customers' data to third parties, and he's convinced that Erbium must have gotten his information from ABC.
Jason has also been receiving an increased amount of marketing information from ABC, trying to sell him their full range of their insurance policies.
Perturbed by this, Jason has started looking at price comparison sites on the Internet and has been shocked to find that other insurers offer much cheaper rates than ABC, even though he has been a loyal customer for many years. When his ABC policy comes up for renewal, he decides to switch to Xentron Insurance.
In order to activate his new insurance policy, Jason needs to supply Xentron with information about his No Claims bonus, his vehicle and his driving history. After researching his rights under the GDPR, he writes to ask ABC to transfer his information directly to Xentron. He also takes this opportunity to ask ABC to stop using his personal data for marketing purposes.
ABC supplies Jason with a PDF and XML (Extensible Markup Language) versions of his No Claims Certificate, but tells Jason it cannot transfer his data directly to Xentron at this is not technically feasible. ABC also explains that Jason's contract included a provision whereby Jason agreed that his data could be used for marketing purposes; according to ABC, it is too late for Jason to change his mind about this. It angers Jason when he recalls the wording of the contract, which was filled with legal jargon and very confusing.
In the meantime, Jason is still receiving unwanted calls from Erbium Insurance. He writes to Erbium to ask for the name of the organization that supplied his details to them. He warns Erbium that he plans to complain to the data protection authority because he thinks their company has been using his data unlawfully. His letter states that he does not want his data being used by them in any way.
Erbium's response letter confirms Jason's suspicions. Erbium is ABC's wholly owned subsidiary, and they received information about Jason's accident from ABC shortly after Jason submitted his accident claim. Erbium assures Jason that there has been no breach of the GDPR, as Jason's contract included a provision in which he agreed to share his information with ABC's affiliates for business purposes.
Jason is disgusted by the way in which he has been treated by ABC, and writes to them insisting that all his information be erased from their computer system.
After Jason has exercised his right to restrict the use of his data, under what conditions would Erbium have grounds for refusing to comply?
- A. If Erbium is entitled to use of the data as an affiliate of ABC.
- B. If Erbium also uses the data to conduct public health research.
- C. If the accuracy of the data is not an aspect that Jason is disputing.
- D. If the data becomes necessary to defend Erbium's legal rights.
Answer: A
NEW QUESTION 111
Which of the following entities would most likely be exempt from complying with the GDPR?
- A. A Chinese company that has opened a satellite office in a European Union (EU) member state to service European customers.
- B. A South American company that regularly collects European customers' personal data.
- C. A North American company servicing customers in South Africa that uses a cloud storage system made by a European company.
- D. A company that stores all customer data in Australia and is headquartered in a European Union (EU) member state.
Answer: A
NEW QUESTION 112
What permissions are required for a marketer to send an email marketing message to a consumer in the EU?
- A. No prior permission required, but an opt-out requirement on all emails sent to consumers.
- B. A pre-checked box stating that the consumer agrees to receive email marketing.
- C. A notice that the consumer's email address will be used for marketing purposes.
- D. A prior opt-in consent for consumers unless they are already customers.
Answer: D
Explanation:
Explanation/Reference: https://www.forbes.com/sites/forbescommunicationscouncil/2018/06/27/what-gdpr-means-for- email-marketing-to-eu-customers/#64020aa8374a
NEW QUESTION 113
To which of the following parties does the territorial scope of the GDPR NOT apply?
- A. All member countries party to the Treaty of Lisbon.
- B. All member countries party to the Paris Agreement.
- C. All member countries of the European Economic Area.
- D. All member countries of the European Union.
Answer: C
NEW QUESTION 114
What is a reason the European Court of Justice declared the Data Retention Directive invalid in 2014?
- A. The requirements had limitations on how national authorities could use data.
- B. The requirements were financially burdensome to EU businesses.
- C. The requirements affected individuals without exception.
- D. The requirements specified that data must be held within the EU.
Answer: A
Explanation:
Reference:
%20the%20Grand,proportionality%20in%20forging%20the%20Directive.
NEW QUESTION 115
Under what circumstances might the "soft opt-in" rule apply in relation to direct marketing?
- A. Where an individual is given the ability to unsubscribe from marketing emails sent to him.
- B. Where an individual's details have been obtained from a bought-in marketing list.
- C. When an individual has not consented to the marketing.
- D. When an individual's details are obtained from their inquiries about buying a product.
Answer: D
NEW QUESTION 116
WP29's "Guidelines on Personal data breach notification under Regulation 2016/679'' provides examples of ways to communicate data breaches transparently. Which of the following was listed as a method that would NOT be effective for communicating a breach to data subjects?
- A. A notice on a corporate blog
- B. A prominent advertisement in print media
- C. A postal notification
- D. A direct electronic message
Answer: A
NEW QUESTION 117
Which of the following is an example of direct marketing that would be subject to European data protection laws?
- A. A revision of contract terms conveyed to an individual by SMS from a marketing organization.
- B. An updated privacy notice sent to an individual's personal email address.
- C. A charity fundraising event notice sent to an individual at her business address.
- D. A service outage notification provided to an individual by recorded telephone message.
Answer: C
NEW QUESTION 118
Based on GDPR Article 35, which of the following situations would trigger the need to complete a DPIA?
- A. A company wants to use location data to infer information on a person's clothes purchasing habits.
- B. A company wants to build a dating app that creates candidate profiles based on location data and data from third-party sources.
- C. A company wants to combine location data with other data in order to offer more personalized service for the customer.
- D. A company wants to use location data to track delivery trucks in order to make the routes more efficient.
Answer: B
NEW QUESTION 119
An unforeseen power outage results in company Z's lack of access to customer data for six hours. According to article 32 of the GDPR, this is considered a breach. Based on the WP 29's February, 2018 guidance, company Z should do which of the following?
- A. Conduct a thorough audit of all security systems
- B. Notify affected individuals that their data was unavailable for a period of time.
- C. Notify the supervisory authority about the loss of availability
- D. Document the loss of availability to demonstrate accountability
Answer: C
NEW QUESTION 120
According to the GDPR, how is pseudonymous personal data defined?
- A. Data that can no longer be attributed to a specific data subject, with no possibility of re-identifying the data.
- B. Data that can no longer be attributed to a specific data subject without the use of additional information kept separately.
- C. Data that has been encrypted or is subject to other technical safeguards.
- D. Data that has been rendered anonymous in such a manner that the data subject is no longer identifiable.
Answer: B
NEW QUESTION 121
Under Article 30 of the GDPR, controllers are required to keep records of all of the following EXCEPT?
- A. Data inventory or data mapping exercises that have been conducted.
- B. Retention periods for erasure and deletion of categories of personal data.
- C. Incidents of personal data breaches, whether disclosed or not.
- D. Categories of recipients to whom the personal data have been disclosed.
Answer: B
Explanation:
Section: (none)
Explanation
NEW QUESTION 122
An organization receives a request multiple times from a data subject seeking to exercise his rights with respect to his own personal dat a. Under what condition can the organization charge the data subject a fee for processing the request?
- A. Only to the extent this is allowed under the restrictions on data subjects' rights introduced under Art 23 of GDPR.
- B. Only where the administrative costs of taking the action requested exceeds a certain threshold.
- C. Only where the organization can show that it is reasonable to do so because more than one request was made.
- D. Only if the organization can demonstrate that the request is clearly excessive or misguided.
Answer: A
NEW QUESTION 123
When collecting personal data in a European Union (EU) member state, what must a company do if it collects personal data from a source other than the data subjects themselves?
- A. Upgrade security to match that of the source
- B. Provide a public notice regarding the data
- C. Inform the subjects about the collection
- D. Update the data within a reasonable timeframe
Answer: C
NEW QUESTION 124
A well-known video production company, based in Spain but specializing in documentaries filmed worldwide, has just finished recording several hours of footage featuring senior citizens in the streets of Madrid. Under what condition would the company NOT be required to obtain the consent of everyone whose image they use for their documentary?
- A. If the company limits the footage to data subjects solely of legal age.
- B. If obtaining consent is deemed voluntary by local legislation.
- C. If the company's status as a documentary provider allows it to claim legitimate interest.
- D. If obtaining consent is deemed to involve disproportionate effort.
Answer: B
NEW QUESTION 125
......
Trend for CIPP-E pdf dumps before actual exam: https://www.braindumpsit.com/CIPP-E_real-exam.html
Real Exam Questions & Answers - IAPP CIPP-E Dump is Ready: https://drive.google.com/open?id=1KA6OnKlAg6z-oo-w1rwmL8wpH258A0Sq