ExamGecko
Home / IAPP / CIPP-E / List of questions
Ask Question

IAPP CIPP-E Practice Test - Questions Answers, Page 28

Add to Whishlist

List of questions

Question 271

Report Export Collapse

Which of the following entities would most likely be exempt from complying with the GDPR?

Become a Premium Member for full access
  Unlock Premium Member

Question 272

Report Export Collapse

The GDPR's list of processor obligations regarding cloud computing includes all of the following EXCEPT?

Become a Premium Member for full access
  Unlock Premium Member

Question 273

Report Export Collapse

To comply with the GDPR and the EU Court of Justice's decision in Schrems II, the European Commission issued what are commonly referred to as the new standard contractual clauses (SCCs). As a result, businesses must do all of the following EXCEPT?

Become a Premium Member for full access
  Unlock Premium Member

Question 274

Report Export Collapse

SCENARIO

Please use the following to answer the next question:

Gentle Hedgehog Inc. is a privately owned website design agency incorporated in

Italy. The company has numerous remote workers in different EU countries. Recently, the management of Gentle Hedgehog noticed a decrease in productivity of their sales team, especially among remote workers. As a result, the company plans to implement a robust but privacy-friendly remote surveillance system to prevent absenteeism, reward top performers, and ensure the best quality of customer service when sales people are interacting with customers.

Gentle Hedgehog eventually hires Sauron Eye Inc., a Chinese vendor of employee surveillance software whose European headquarters is in Germany. Sauron Eye's software provides powerful remote-monitoring capabilities, including 24/7 access to computer cameras and microphones, screen captures, emails, website history, and keystrokes. Any device can be remotely monitored from a central server that is securely installed at Gentle Hedgehog headquarters. The monitoring is invisible by default; however, a so-called Transparent Mode, which regularly and conspicuously notifies all users about the monitoring and its precise scope, also exists. Additionally, the monitored employees are required to use a built-in verification technology involving facial recognition each time they log in.

All monitoring data, including the facial recognition data, is securely stored in Microsoft Azure cloud servers operated by Sauron Eye, which are physically located in France.

What is the main problem with the 24/7 camera monitoring?

Become a Premium Member for full access
  Unlock Premium Member

Question 275

Report Export Collapse

According to the Personal Data Protection Commission's (PDPC) 'Guide to basic data anonymization techniques,' recently adopted by the Spanish

Data Protection Agency, which of the following is NOT a valid basic anonymization technique?

Become a Premium Member for full access
  Unlock Premium Member

Question 276

Report Export Collapse

In the EDPB's Guidelines 4/2019 on Article 25 Data Protection by Design and by Default, all of the following practices follow from the principles relating to the processing of personal data under EU data protection law EXCEPT?

Become a Premium Member for full access
  Unlock Premium Member

Question 277

Report Export Collapse

Which aspect of processing does the GDPR allow processors to determine for themselves?

Become a Premium Member for full access
  Unlock Premium Member

Question 278

Report Export Collapse

Which mechanism, introduced by the GDPR as a means of ensuring both compliance and transparency, allows for the possibility of personal data transfers to third countries under Article 42?

Become a Premium Member for full access
  Unlock Premium Member

Question 279

Report Export Collapse

SCENARIO

Please use the following to answer the next question:

Gentle Hedgehog Inc. is a privately owned website design agency incorporated in

Italy. The company has numerous remote workers in different EU countries. Recently, the management of Gentle Hedgehog noticed a decrease in productivity of their sales team, especially among remote workers. As a result, the company plans to implement a robust but privacy-friendly remote surveillance system to prevent absenteeism, reward top performers, and ensure the best quality of customer service when sales people are interacting with customers.

Gentle Hedgehog eventually hires Sauron Eye Inc., a Chinese vendor of employee surveillance software whose European headquarters is in Germany. Sauron Eye's software provides powerful remote-monitoring capabilities, including 24/7 access to computer cameras and microphones, screen captures, emails, website history, and keystrokes. Any device can be remotely monitored from a central server that is securely installed at Gentle Hedgehog headquarters. The monitoring is invisible by default; however, a so-called Transparent Mode, which regularly and conspicuously notifies all users about the monitoring and its precise scope, also exists. Additionally, the monitored employees are required to use a built-in verification technology involving facial recognition each time they log in.

After fixing the privacy problems, how long may Gentle Hedgehog store the monitoring data, assuming that no valid data erasure request is received?

Become a Premium Member for full access
  Unlock Premium Member

Question 280

Report Export Collapse

According to the European Data Protection Board, if a controller that is not established in the EU but still subject to the GDPR becomes aware of a personal data breach, which supervisory authority or authorities must be notified?

Become a Premium Member for full access
  Unlock Premium Member
Total 297 questions
Go to page: of 30
Search

Related questions










SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular toy stores throughout Europe, the United States and Asia. A large portion of the company's revenue is due to international sales. The company now wishes to launch a new range of connected toys, ones that can talk and interact with children. The CEO of the company is touting these toys as the next big thing, due to the increased possibilities offered: The figures can answer children's Questions: on various subjects, such as mathematical calculations or the weather. Each figure is equipped with a microphone and speaker and can connect to any smartphone or tablet via Bluetooth. Any mobile device within a 10-meter radius can connect to the toys via Bluetooth as well. The figures can also be associated with other figures (from the same manufacturer) and interact with each other for an enhanced play experience. When a child asks the toy a question, the request is sent to the cloud for analysis, and the answer is generated on cloud servers and sent back to the figure. The answer is given through the figure's integrated speakers, making it appear as though that the toy is actually responding to the child's question. The packaging of the toy does not provide technical details on how this works, nor does it mention that this feature requires an internet connection. The necessary data processing for this has been outsourced to a data center located in South Africa. However, your company has not yet revised its consumer-facing privacy policy to indicate this. In parallel, the company is planning to introduce a new range of game systems through which consumers can play the characters they acquire in the course of playing the game. The system will come bundled with a portal that includes a Near-Field Communications (NFC) reader. This device will read an RFID tag in the action figure, making the figure come to life onscreen. Each character has its own stock features and abilities, but it is also possible to earn additional ones by accomplishing game goals. The only information stored in the tag relates to the figures' abilities. It is easy to switch characters during the game, and it is possible to bring the figure to locations outside of the home and have the character's abilities remain intact. Why is this company obligated to comply with the GDPR?