ExamGecko
Search Search Login
Home Home / IAPP / CIPM
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your marketing team wants to know why they need a check box for their SMS opt-in. You explain it is part of the consumer's right to?
In a sample metric template, what does ''target'' mean?
An online retailer detects an incident involving customer shopping history but no keys have been compromised. The Privacy Offce is most concerned when it also involves?
Under the General Data Protection Regulation (GDPR), what are the obligations of a processor that engages a sub-processor?
Under the GDPR. when the applicable lawful basis for the processing of personal data is a legal obligation with which the controller must comply. which right can the data subject exercise?
Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?
When a data breach incident has occurred. the first priority is to determine?
Your company provides a SaaS tool for B2B services and does not interact with individual consumers. A client's current employee reaches out with a right to delete request. what is the most appropriate response?
A systems audit uncovered a shared drive folder containing sensitive employee data with no access controls and therefore was available for all employees to view. What is the first step to mitigate further risks?
You would like to better understand how your organization can demonstrate compliance with international privacy standards and identify gaps for remediation. What steps could you take to achieve this objective?

Question 106 - CIPM discussion

Report
Export

The General Data Protection Regulation (GDPR) specifies fines that may be levied against data controllers for certain infringements. Which of the following will be subject to administrative fines of up to 10 000 000 EUR, or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year?

A.

Failure to demonstrate that consent was given by the data subject to the processing of their personal data where it is used as the basis for processing

Answers
A.

Failure to demonstrate that consent was given by the data subject to the processing of their personal data where it is used as the basis for processing

B.

Failure to implement technical and organizational measures to ensure data protection is enshrined by design and default

Answers
B.

Failure to implement technical and organizational measures to ensure data protection is enshrined by design and default

C.

Failure to process personal information in a manner compatible with its original purpose

Answers
C.

Failure to process personal information in a manner compatible with its original purpose

D.

Failure to provide the means for a data subject to rectify inaccuracies in personal data

Answers
D.

Failure to provide the means for a data subject to rectify inaccuracies in personal data

Suggested answer: B

Explanation:

The GDPR specifies fines that may be levied against data controllers for certain infringements. According to Article 83(4)(a) of the GDPR, failure to implement technical and organizational measures to ensure data protection is enshrined by design and default will be subject to administrative fines of up to 10 000 000 EUR, or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher. Data protection by design and default is a principle that requires data controllers to integrate data protection considerations into every stage of the processing activities, from the conception to the execution, and to adopt appropriate measures to safeguard the rights and interests of the data subjects by default, such as minimizing the amount and retention period of personal data, pseudonymizing or encrypting personal data, ensuring transparency and accountability, and enabling data subject rights.

CIPM Body of Knowledge (2021), Domain I: Privacy Program Governance, Section A: Privacy Governance Models, Subsection 2: Privacy by Design

CIPM Study Guide (2021), Chapter 2: Privacy Governance Models, Section 2.2: Privacy by Design

CIPM Textbook (2019), Chapter 2: Privacy Governance Models, Section 2.2: Privacy by Design

CIPM Practice Exam (2021), Question 130

GDPR Article 83(4)(a) and Article 25

Show Answer
asked 22/11/2024
John Hart
47 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms