ExamGecko
Search Search Login
Home Home / IAPP / CIPM
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Under the GDPR. when the applicable lawful basis for the processing of personal data is a legal obligation with which the controller must comply. which right can the data subject exercise?
Your marketing team wants to know why they need a check box for their SMS opt-in. You explain it is part of the consumer's right to?
In a sample metric template, what does ''target'' mean?
An online retailer detects an incident involving customer shopping history but no keys have been compromised. The Privacy Offce is most concerned when it also involves?
Under the General Data Protection Regulation (GDPR), what are the obligations of a processor that engages a sub-processor?
Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?
When a data breach incident has occurred. the first priority is to determine?
Your company provides a SaaS tool for B2B services and does not interact with individual consumers. A client's current employee reaches out with a right to delete request. what is the most appropriate response?
A systems audit uncovered a shared drive folder containing sensitive employee data with no access controls and therefore was available for all employees to view. What is the first step to mitigate further risks?
You would like to better understand how your organization can demonstrate compliance with international privacy standards and identify gaps for remediation. What steps could you take to achieve this objective?

Question 150 - CIPM discussion

Report
Export

Under the General Data Protection Regulation (GDPR), what are the obligations of a processor that engages a sub-processor?

A.

The processor must give the controller prior written notice and perform a preliminary audit of the sub-processor.

Answers
A.

The processor must give the controller prior written notice and perform a preliminary audit of the sub-processor.

B.

The processor must Obtain the controllers specifiC written authorization and provide annual reports on the sub-processor'S performance.

Answers
B.

The processor must Obtain the controllers specifiC written authorization and provide annual reports on the sub-processor'S performance.

C.

The processor must receive a written agreement that the sub-processor will be fully liable to the controller for the performance of its obligations in relation to the personal data concerned.

Answers
C.

The processor must receive a written agreement that the sub-processor will be fully liable to the controller for the performance of its obligations in relation to the personal data concerned.

D.

The processor must obtain the consent of the controller and ensure the sub-processor complies with data processing obligations that are equivalent to those that apply to the processor.

Answers
D.

The processor must obtain the consent of the controller and ensure the sub-processor complies with data processing obligations that are equivalent to those that apply to the processor.

Suggested answer: D

Explanation:

Under the General Data Protection Regulation (GDPR), the obligations of a processor that engages a sub-processor are to obtain the consent of the controller and ensure the sub-processor complies with data processing obligations that are equivalent to those that apply to the processor. The GDPR defines a processor as a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller. A sub-processor is a third party that is engaged by the processor to carry out specific processing activities on behalf of the controller. The GDPR requires that the processor does not engage another processor without prior specific or general written authorization of the controller. In the case of general written authorization, the processor must inform the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes. The processor must also ensure that the same data protection obligations as set out in the contract or other legal act between the controller and the processor are imposed on that other processor by way of a contract or other legal act under Union or Member State law, .Reference:[GDPR Article 28], [CIPM - International Association of Privacy Professionals]

Show Answer
asked 22/11/2024
Dustin Roberts
45 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms