IAPP CIPP-E Practice Test - Questions Answers, Page 28

List of questions
Question 271

Which of the following entities would most likely be exempt from complying with the GDPR?
Question 272

The GDPR's list of processor obligations regarding cloud computing includes all of the following EXCEPT?
Question 273

To comply with the GDPR and the EU Court of Justice's decision in Schrems II, the European Commission issued what are commonly referred to as the new standard contractual clauses (SCCs). As a result, businesses must do all of the following EXCEPT?
Question 274

SCENARIO
Please use the following to answer the next question:
Gentle Hedgehog Inc. is a privately owned website design agency incorporated in
Italy. The company has numerous remote workers in different EU countries. Recently, the management of Gentle Hedgehog noticed a decrease in productivity of their sales team, especially among remote workers. As a result, the company plans to implement a robust but privacy-friendly remote surveillance system to prevent absenteeism, reward top performers, and ensure the best quality of customer service when sales people are interacting with customers.
Gentle Hedgehog eventually hires Sauron Eye Inc., a Chinese vendor of employee surveillance software whose European headquarters is in Germany. Sauron Eye's software provides powerful remote-monitoring capabilities, including 24/7 access to computer cameras and microphones, screen captures, emails, website history, and keystrokes. Any device can be remotely monitored from a central server that is securely installed at Gentle Hedgehog headquarters. The monitoring is invisible by default; however, a so-called Transparent Mode, which regularly and conspicuously notifies all users about the monitoring and its precise scope, also exists. Additionally, the monitored employees are required to use a built-in verification technology involving facial recognition each time they log in.
All monitoring data, including the facial recognition data, is securely stored in Microsoft Azure cloud servers operated by Sauron Eye, which are physically located in France.
What is the main problem with the 24/7 camera monitoring?
Question 275

According to the Personal Data Protection Commission's (PDPC) 'Guide to basic data anonymization techniques,' recently adopted by the Spanish
Data Protection Agency, which of the following is NOT a valid basic anonymization technique?
Question 276

In the EDPB's Guidelines 4/2019 on Article 25 Data Protection by Design and by Default, all of the following practices follow from the principles relating to the processing of personal data under EU data protection law EXCEPT?
Question 277

Which aspect of processing does the GDPR allow processors to determine for themselves?
Question 278

Which mechanism, introduced by the GDPR as a means of ensuring both compliance and transparency, allows for the possibility of personal data transfers to third countries under Article 42?
Question 279

SCENARIO
Please use the following to answer the next question:
Gentle Hedgehog Inc. is a privately owned website design agency incorporated in
Italy. The company has numerous remote workers in different EU countries. Recently, the management of Gentle Hedgehog noticed a decrease in productivity of their sales team, especially among remote workers. As a result, the company plans to implement a robust but privacy-friendly remote surveillance system to prevent absenteeism, reward top performers, and ensure the best quality of customer service when sales people are interacting with customers.
Gentle Hedgehog eventually hires Sauron Eye Inc., a Chinese vendor of employee surveillance software whose European headquarters is in Germany. Sauron Eye's software provides powerful remote-monitoring capabilities, including 24/7 access to computer cameras and microphones, screen captures, emails, website history, and keystrokes. Any device can be remotely monitored from a central server that is securely installed at Gentle Hedgehog headquarters. The monitoring is invisible by default; however, a so-called Transparent Mode, which regularly and conspicuously notifies all users about the monitoring and its precise scope, also exists. Additionally, the monitored employees are required to use a built-in verification technology involving facial recognition each time they log in.
After fixing the privacy problems, how long may Gentle Hedgehog store the monitoring data, assuming that no valid data erasure request is received?
Question 280

According to the European Data Protection Board, if a controller that is not established in the EU but still subject to the GDPR becomes aware of a personal data breach, which supervisory authority or authorities must be notified?
Question