ExamGecko
Home / IAPP / CIPP-E / List of questions
Ask Question

IAPP CIPP-E Practice Test - Questions Answers, Page 14

Add to Whishlist

List of questions

Question 131

Report Export Collapse

Which of the following is one of the supervisory authority's investigative powers?

Become a Premium Member for full access
  Unlock Premium Member

Question 132

Report Export Collapse

Many businesses print their employees' photographs on building passes, so that employees can be identified by security staff. This is notwithstanding the fact that facial images potentially qualify as biometric data under the GDPR. Why would such practice be permitted?

Become a Premium Member for full access
  Unlock Premium Member

Question 133

Report Export Collapse

A worker in a European Union (EU) member state has ceased his employment with a company. What should the employer most likely do in regard to the worker's personal data?

Become a Premium Member for full access
  Unlock Premium Member

Question 134

Report Export Collapse

Which of the following is NOT a role of works councils?

Become a Premium Member for full access
  Unlock Premium Member

Question 135

Report Export Collapse

Under the Data Protection Law Enforcement Directive of the EU, a government can carry out covert investigations involving personal data, as long it is set forth by law and constitutes a measure that is both necessary and what?

Become a Premium Member for full access
  Unlock Premium Member

Question 136

Report Export Collapse

Which GDPR requirement will present the most significant challenges for organizations with Bring Your Own Device (BYOD) programs?

Become a Premium Member for full access
  Unlock Premium Member

Question 137

Report Export Collapse

A company in France suffers a robbery over the weekend owing to a faulty alarm system. When it is determined that the break-in involves the loss of a substantial amount of data, the company decides on a CCTV system to monitor for future incidents. Company technicians install cameras in the entrance of the building, hallways and offices. Footage is recorded continuously, and is monitored by the home office in the United States. What is the most realistic step the company could take to address their security concerns and comply with the personal data processing principles set out in Article 5 of the GDPR?

Become a Premium Member for full access
  Unlock Premium Member

Question 138

Report Export Collapse

Which of the following is an example of direct marketing that would be subject to European data protection laws?

Become a Premium Member for full access
  Unlock Premium Member

Question 139

Report Export Collapse

Article 9 of the GDPR lists exceptions to the general prohibition against processing biometric data. Which of the following is NOT one of these exceptions?

Become a Premium Member for full access
  Unlock Premium Member

Question 140

Report Export Collapse

Which marketing-related activity is least likely to be covered by the provisions of Privacy and Electronic Communications Regulations (Directive 2002/58/EC)?

Become a Premium Member for full access
  Unlock Premium Member
Total 297 questions
Go to page: of 30
Search

Related questions










SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular toy stores throughout Europe, the United States and Asia. A large portion of the company's revenue is due to international sales. The company now wishes to launch a new range of connected toys, ones that can talk and interact with children. The CEO of the company is touting these toys as the next big thing, due to the increased possibilities offered: The figures can answer children's Questions: on various subjects, such as mathematical calculations or the weather. Each figure is equipped with a microphone and speaker and can connect to any smartphone or tablet via Bluetooth. Any mobile device within a 10-meter radius can connect to the toys via Bluetooth as well. The figures can also be associated with other figures (from the same manufacturer) and interact with each other for an enhanced play experience. When a child asks the toy a question, the request is sent to the cloud for analysis, and the answer is generated on cloud servers and sent back to the figure. The answer is given through the figure's integrated speakers, making it appear as though that the toy is actually responding to the child's question. The packaging of the toy does not provide technical details on how this works, nor does it mention that this feature requires an internet connection. The necessary data processing for this has been outsourced to a data center located in South Africa. However, your company has not yet revised its consumer-facing privacy policy to indicate this. In parallel, the company is planning to introduce a new range of game systems through which consumers can play the characters they acquire in the course of playing the game. The system will come bundled with a portal that includes a Near-Field Communications (NFC) reader. This device will read an RFID tag in the action figure, making the figure come to life onscreen. Each character has its own stock features and abilities, but it is also possible to earn additional ones by accomplishing game goals. The only information stored in the tag relates to the figures' abilities. It is easy to switch characters during the game, and it is possible to bring the figure to locations outside of the home and have the character's abilities remain intact. Why is this company obligated to comply with the GDPR?