ExamGecko
Home / IAPP / CIPP-E / List of questions
Ask Question

IAPP CIPP-E Practice Test - Questions Answers, Page 25

Add to Whishlist

List of questions

Question 241

Report Export Collapse

In the Planet 49 case, what was the main judgement of the Court of Justice of the European Union (CJEU) regarding the issue of cookies?

Become a Premium Member for full access
  Unlock Premium Member

Question 242

Report Export Collapse

According to the EDPB Guidelines 01/2021 on Examples regarding Personal Data Breach Notification, if exfiltration of job application data (submitted through online application forms and stored on a webserver) resulted in personal information being accessible to unauthorized persons, this would be primarily considered what kind of breach?

Become a Premium Member for full access
  Unlock Premium Member

Question 243

Report Export Collapse

ISO 31700 has set forth requirements relating to consumer products and services. In particular, this international standard focuses on the implementation of which of the following?

Become a Premium Member for full access
  Unlock Premium Member

Question 244

Report Export Collapse

In the wake of the Schrems II ruling, which of the following actions has been recommended by the EDPB for companies transferring personal data to third countries?

Become a Premium Member for full access
  Unlock Premium Member

Question 245

Report Export Collapse

Which failing of Privacy Shield, cited by the CJEU as a reason for its invalidation, is the Trans-Atlantic Data Privacy Framework intended to address?

Become a Premium Member for full access
  Unlock Premium Member

Question 246

Report Export Collapse

Pursuant to the EDPB Guidelines 8/2022, all of the following criteria must be considered when identifying a lead supervisory authority of a controller EXCEPT?

Become a Premium Member for full access
  Unlock Premium Member

Question 247

Report Export Collapse

SCENARIO

Please use the following to answer the next question:

ProStorage is a multinational cloud storage provider headquartered in the Netherlands. Its CEO. Ruth Brown, has developed a two-pronged strategy for growth: 1) expand ProStorage s global customer base and 2) increase ProStorage's sales force by efficiently onboarding effective teams. Enacting this strategy has recently been complicated by Ruth's health condition, which has limited her working hours, as well as her ability to travel to meet potential customers. ProStorage's Human Resources department and Ruth's Chief of Staff now work together to manage her schedule and ensure that she is able to make all her medical appointments The latter has become especially crucial after Ruth's last trip to India, where she suffered a medical emergency and was hospitalized m New Delhi Unable to reach Ruths family, the hospital reached out to ProStorage and was able to connect with her Chief of Staff, who in coordination with Mary, the head of HR. provided information to the doctors based on accommodate on requests Ruth made when she started a: ProStorage

In support of Ruth's strategic goals of hiring more sales representatives, the Human

Resources team is focused on improving its processes to ensure that new employees are sourced, interviewed, hired, and onboarded efficiently. To help with this, Mary identified two vendors, HRYourWay, a German based company, and

InstaHR, an Australian based company. She decided to have both vendors go through ProStorage's vendor risk review process so she can work with Ruth to make the final decision. As part of the review process, Jackie, who is responsible for maintaining ProStorage's privacy program (including maintaining controller BCRs and conducting vendor risk assessments), reviewed both vendors but completed a transfer impact assessment only for InstaHR. After her review of both boasted a more established privacy program and provided third-party attestations, whereas HRYourWay was a small vendor with minimal data protection operations.

Thus, she recommended InstaHR.

ProStorage's marketing team also worked to meet the strategic goals of the company by focusing on industries where it needed to grow its market share. To help with this, the team selected as a partner UpFinance, a US based company with deep connections to financial industry customers. During ProStorage's diligence process, Jackie from the privacy team noted in the transfer impact assessment that UpFinance implements several data protection measures including end-to-end encryption, with encryption keys held by the customer.

Notably, UpFinance has not received any government requests in its 7 years of business. Still, Jackie recommended that the contract require UpFinance to notify

ProStorage if it receives a government request for personal data UpFinance processes on its behalf prior to disclosing such data.

What transfer mechanism did ProStorage most likely rely on to transfer Ruth's

medical information to the hospital?

Become a Premium Member for full access
  Unlock Premium Member

Question 248

Report Export Collapse

Which of the following elements does NOT need to be presented to a data subject in order to collect valid consent for the use of cookies?

Become a Premium Member for full access
  Unlock Premium Member

Question 249

Report Export Collapse

Since blockchain transactions are classified as pseudonymous, are they considered to be within the material scope of the GDPR, or outside of it?

Become a Premium Member for full access
  Unlock Premium Member

Question 250

Report Export Collapse

Which of the following is NOT recognized as a common characteristic of cloud computing services?

Become a Premium Member for full access
  Unlock Premium Member
Total 297 questions
Go to page: of 30
Search

Related questions










SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular toy stores throughout Europe, the United States and Asia. A large portion of the company's revenue is due to international sales. The company now wishes to launch a new range of connected toys, ones that can talk and interact with children. The CEO of the company is touting these toys as the next big thing, due to the increased possibilities offered: The figures can answer children's Questions: on various subjects, such as mathematical calculations or the weather. Each figure is equipped with a microphone and speaker and can connect to any smartphone or tablet via Bluetooth. Any mobile device within a 10-meter radius can connect to the toys via Bluetooth as well. The figures can also be associated with other figures (from the same manufacturer) and interact with each other for an enhanced play experience. When a child asks the toy a question, the request is sent to the cloud for analysis, and the answer is generated on cloud servers and sent back to the figure. The answer is given through the figure's integrated speakers, making it appear as though that the toy is actually responding to the child's question. The packaging of the toy does not provide technical details on how this works, nor does it mention that this feature requires an internet connection. The necessary data processing for this has been outsourced to a data center located in South Africa. However, your company has not yet revised its consumer-facing privacy policy to indicate this. In parallel, the company is planning to introduce a new range of game systems through which consumers can play the characters they acquire in the course of playing the game. The system will come bundled with a portal that includes a Near-Field Communications (NFC) reader. This device will read an RFID tag in the action figure, making the figure come to life onscreen. Each character has its own stock features and abilities, but it is also possible to earn additional ones by accomplishing game goals. The only information stored in the tag relates to the figures' abilities. It is easy to switch characters during the game, and it is possible to bring the figure to locations outside of the home and have the character's abilities remain intact. Why is this company obligated to comply with the GDPR?