ExamGecko
Search Search Login
Home Home / IAPP / CIPM
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your marketing team wants to know why they need a check box for their SMS opt-in. You explain it is part of the consumer's right to?
In a sample metric template, what does ''target'' mean?
An online retailer detects an incident involving customer shopping history but no keys have been compromised. The Privacy Offce is most concerned when it also involves?
Under the General Data Protection Regulation (GDPR), what are the obligations of a processor that engages a sub-processor?
Under the GDPR. when the applicable lawful basis for the processing of personal data is a legal obligation with which the controller must comply. which right can the data subject exercise?
Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?
When a data breach incident has occurred. the first priority is to determine?
Your company provides a SaaS tool for B2B services and does not interact with individual consumers. A client's current employee reaches out with a right to delete request. what is the most appropriate response?
A systems audit uncovered a shared drive folder containing sensitive employee data with no access controls and therefore was available for all employees to view. What is the first step to mitigate further risks?
You would like to better understand how your organization can demonstrate compliance with international privacy standards and identify gaps for remediation. What steps could you take to achieve this objective?

Question 45 - CIPM discussion

Report
Export

Which of the following is TRUE about the Data Protection Impact Assessment (DPIA) process as required under the General Data Protection Regulation (GDPR)?

A.

The DPIA result must be reported to the corresponding supervisory authority.

Answers
A.

The DPIA result must be reported to the corresponding supervisory authority.

B.

The DPIA report must be published to demonstrate the transparency of the data processing.

Answers
B.

The DPIA report must be published to demonstrate the transparency of the data processing.

C.

The DPIA must include a description of the proposed processing operation and its purpose.

Answers
C.

The DPIA must include a description of the proposed processing operation and its purpose.

D.

The DPIA is required if the processing activity entails risk to the rights and freedoms of an EU individual.

Answers
D.

The DPIA is required if the processing activity entails risk to the rights and freedoms of an EU individual.

Suggested answer: C

Explanation:

The statement that is true about the Data Protection Impact Assessment (DPIA) process as required under the General Data Protection Regulation (GDPR) is that the DPIA must include a description of the proposed processing operation and its purpose. According to Article 35(7) of the GDPR, a DPIA shall contain at least:

''a systematic description of the envisaged processing operations and the purposes of the processing'';

''an assessment of the necessity and proportionality of the processing operations in relation to the purposes'';

''an assessment of the risks to the rights and freedoms of data subjects'';

''the measures envisaged to address the risks'';

''safeguards'', ''security measures'';

''mechanisms to ensure the protection of personal data'';

''to demonstrate compliance with this Regulation taking into account the rights and legitimate interests of data subjects and other persons concerned''5

Therefore, a DPIA must include a description of what data processing activities are planned and why they are needed as part of its content.This helps to provide a clear overview of the processing operation and its objectives as well as to assess its necessity and proportionality in relation to its purposes6Reference:5: [General Data Protection Regulation (GDPR) -- Official Legal Text], Article 35(7);6: Data protection impact assessments | ICO

Show Answer
asked 22/11/2024
Jarrell John Garcia
37 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms