ExamGecko

Question 110 - CIPM discussion


Under the General Data Protection Regulation (GDPR), which of the following situations would LEAST likely require a controller to notify a data subject?

A. An encrypted USB key with sensitive personal data is stolen

B. A direct marketing email is sent with recipients visible in the 'cc' field

C. Personal data of a group of individuals is erroneously sent to the wrong mailing list

D. A hacker publishes usernames, phone numbers and purchase history online after a cyber-attack

Suggested answer: A

Explanation:

Under the GDPR, a controller must notify a data subject of a personal data breach without undue delay when the breach is likely to result in a high risk to the rights and freedoms of the data subject, unless one of the following conditions applies: the personal data are rendered unintelligible to any person who is not authorized to access it, such as by encryption; the controller has taken subsequent measures to ensure that the high risk is no longer likely to materialize; or the notification would involve disproportionate effort, in which case a public communication or similar measure may suffice. In this case, an encrypted USB key with sensitive personal data is stolen, but the personal data are presumably unintelligible to the thief, so the controller does not need to notify the data subject. However, the controller still needs to notify the supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.

CIPM Body of Knowledge (2021), Domain IV: Privacy Program Operational Life Cycle, Section B: Protecting Personal Information, Subsection 2: Data Breach Incident Planning and Management

CIPM Study Guide (2021), Chapter 8: Protecting Personal Information, Section 8.2: Data Breach Incident Planning and Management

CIPM Textbook (2019), Chapter 8: Protecting Personal Information, Section 8.2: Data Breach Incident Planning and Management

CIPM Practice Exam (2021), Question 134

GDPR Articles 33 and 34

asked 22/11/2024
Felix Imafidon