Full CIPP-E Practice Test and 270 Unique Questions, Get it Now! The Best CIPP-E Exam Study Material Premium Files and Preparation Tool You can read the benefits in Obtaining the IAPP CIPP/E Exam Certification CIPP is the international sector requirement for professionals entering and operating in the field of privacy.Obtaining a CIPP / E degree demonstrates an understanding of a framework of principles [...]

All Products Contact now

[Q60-Q83] Full CIPP-E Practice Test and 270 Unique Questions, Get it Now!

Share

Full CIPP-E Practice Test and 270 Unique Questions, Get it Now!

The Best CIPP-E Exam Study Material Premium Files  and Preparation Tool


You can read the benefits in Obtaining the IAPP CIPP/E Exam Certification

  • CIPP is the international sector requirement for professionals entering and operating in the field of privacy.
  • Obtaining a CIPP / E degree demonstrates an understanding of a framework of principles and a database for information privacy in the European context, including vital issues such as the EU-US. Privacy Guard and GDPR (consisting of the required DPOs).
  • Maintaining a CIPP / E classification increases your management profile with your employees. CIPP / E is a crucial standard among major employers for the employment and advertising of privacy specialists.
  • You will be recognized as part of an elite group of privacy experts and experts and data protection experts.

The IAPP CIPP-E exam covers various topics such as the General Data Protection Regulation (GDPR), the Data Protection Directive, and other relevant European laws and regulations. It also assesses the candidate's knowledge and understanding of privacy frameworks, principles, and best practices. Certified Information Privacy Professional/Europe (CIPP/E) certification provides a comprehensive understanding of data protection laws and regulations in Europe and helps professionals to develop a strong foundation in privacy practices.

 

NEW QUESTION # 60
Which of the following is NOT recognized as being a common characteristic of cloud-computing services?

  • A. The supplier allows customer data to be transferred around the infrastructure according to capacity.
  • B. The supplier assumes the vendor's business risk associated with data processed by the supplier.
  • C. The service's infrastructure is shared among the supplier's customers and can be located in a number of countries.
  • D. The supplier determines the location, security measures, and service standards applicable to the processing.

Answer: B

Explanation:
This is not a common characteristic of cloud-computing services, as the supplier usually does not assume the vendor's business risk. In fact, the supplier often limits its liability for data breaches or losses, and the vendor remains responsible for complying with data protection laws and regulations. The other options are common characteristics of cloud-computing services, as they reflect the nature of cloud computing as a flexible, scalable, and cost-effective way of processing data, but also pose challenges for data protection and security. Reference:
Free CIPP/E Study Guide, page 17, section 2.3.2
CIPP/E Certification, page 12, section 2.3.2
Cipp-e Study guides, Class notes & Summaries, page 23, section 2.3.2


NEW QUESTION # 61
Bioface is a company based in the United States. It has no servers, personnel or assets in the European Union. By collecting photographs from social media and other web-based services, such as newspapers and blogs, it uses machine learning to develop a facial recognition algorithm. The algorithm identifies individuals in photographs who are not in its data set based the algorithm and its existing dat a. The service collects photographs of data subjects in the European Union and will identify them if presented with their photographs. Bioface offers its service to government agencies and companies in the United States and Canada, but not to those in the European Union. Bioface does not offer the service to individuals.
Why is Bioface subject to the territorial scope of the General Data Protection Regulation?

  • A. It collects data from subjects and uses it for automated processing.
  • B. It collects data from European Union websites, which constitutes an establishment in the European Union.
  • C. It monitors the behavior of data subjects in the European Union.
  • D. It offers services in the European Union by identifying data subjects in the European Union.

Answer: B


NEW QUESTION # 62
Based on GDPR Article 35, which of the following situations would trigger the need to complete a DPIA?

  • A. A company wants to use location data to infer information on a person's clothes purchasing habits.
  • B. A company wants to build a dating app that creates candidate profiles based on location data and data from third-party sources.
  • C. A company wants to combine location data with other data in order to offer more personalized service for the customer.
  • D. A company wants to use location data to track delivery trucks in order to make the routes more efficient.

Answer: B


NEW QUESTION # 63
Which aspect of the GDPR will likely have the most impact on the consistent implementation of data protection laws throughout the European Union?

  • A. That it essentially functions as a one-stop shop mechanism
  • B. That it makes appointment of a data protection officer mandatory
  • C. That it makes notification of large-scale data breaches mandatory
  • D. That it takes the form of a Regulation as opposed to a Directive

Answer: D

Explanation:
One of the main differences between a Regulation and a Directive in the EU law is that a Regulation is directly applicable and binding in all EU member states, without the need for national implementing measures, while a Directive sets out the objectives and principles that the member states must achieve, but leaves them the choice of form and methods to transpose it into their national laws. Therefore, by taking the form of a Regulation, the GDPR aims to harmonize and unify the data protection rules across the EU, and to ensure a consistent implementation and enforcement of the data protection laws throughout the EU. The other aspects of the GDPR listed in the question, such as the one-stop shop mechanism, the mandatory notification of large-scale data breaches, and the mandatory appointment of a data protection officer, are also important features of the GDPR, but they do not have the same impact on the consistency of the data protection laws as the form of a Regulation.


NEW QUESTION # 64
Which statement provides an accurate description of a directive?

  • A. A directive speo5es certain results that must be achieved, but each member state is free to decide how to turn it into a national law
  • B. A directive is a legal act that applies automatically and uniformly to all EU countries as soon as it enters into force.
  • C. A directive is a legal act relating to specific cases and directed towards member states, companies 0' private individuals.
  • D. A directive has binding legal force throughout every member state and enters into force on a set date in all the member states.

Answer: D


NEW QUESTION # 65
SCENARIO
Please use the following to answer the next question:
Brady is a computer programmer based in New Zealand who has been running his own business for two years. Brady's business provides a low-cost suite of services to customers throughout the European Economic Area (EEA). The services are targeted towards new and aspiring small business owners. Brady's company, called Brady Box, provides web page design services, a Social Networking Service (SNS) and consulting services that help people manage their own online stores.
Unfortunately, Brady has been receiving some complaints. A customer named Anna recently uploaded her plans for a new product onto Brady Box's chat area, which is open to public viewing. Although she realized her mistake two weeks later and removed the document, Anna is holding Brady Box responsible for not noticing the error through regular monitoring of the website. Brady believes he should not be held liable.
Another customer, Felipe, was alarmed to discover that his personal information was transferred to a third- party contractor called Hermes Designs and worries that sensitive information regarding his business plans may be misused. Brady does not believe he violated European privacy rules. He provides a privacy notice to all of his customers explicitly stating that personal data may be transferred to specific third parties in fulfillment of a requested service. Felipe says he read the privacy notice but that it was long and complicated Brady continues to insist that Felipe has no need to be concerned, as he can personally vouch for the integrity of Hermes Designs. In fact, Hermes Designs has taken the initiative to create sample customized banner advertisements for customers like Felipe. Brady is happy to provide a link to the example banner ads, now posted on the Hermes Designs webpage. Hermes Designs plans on following up with direct marketing to these customers.
Brady was surprised when another customer, Serge, expressed his dismay that a quotation by him is being used within a graphic collage on Brady Box's home webpage. The quotation is attributed to Serge by first and last name. Brady, however, was not worried about any sort of litigation. He wrote back to Serge to let him know that he found the quotation within Brady Box's Social Networking Service (SNS), as Serge himself had posted the quotation. In his response, Brady did offer to remove the quotation as a courtesy.
Despite some customer complaints, Brady's business is flourishing. He even supplements his income through online behavioral advertising (OBA) via a third-party ad network with whom he has set clearly defined roles. Brady is pleased that, although some customers are not explicitly aware of the OBA, the advertisements contain useful products and services.
Under the General Data Protection Regulation (GDPR), what is the most likely reason Serge may have grounds to object to the use of his quotation?

  • A. Because of the use of personal data outside of the social networking service (SNS).
  • B. Because of the misapplication of the household exception in relation to a social networking service (SNS).
  • C. Because of the misrepresentation of personal data as an endorsement.
  • D. Because of the juxtaposition of the quotation with others' quotations.

Answer: A

Explanation:
The GDPR defines personal data as "any information relating to an identified or identifiable natural person" (Article 4(1)). This includes names, quotations, and any other data that can be linked to a specific individual. The GDPR also requires that personal data be processed lawfully, fairly, and transparently, and that it be collected for specified, explicit, and legitimate purposes (Article 5(1)). Furthermore, the GDPR grants data subjects the right to object to the processing of their personal data for direct marketing purposes or for the purposes of the legitimate interests of the controller or a third party (Article 21).
In this scenario, Serge may have grounds to object to the use of his quotation on Brady Box's home webpage, as it constitutes the processing of his personal data outside of the original purpose for which it was collected. Serge posted the quotation on Brady Box's SNS, which is a separate service from Brady Box's web page design service. By using the quotation on the home webpage, Brady Box is processing Serge's personal data for a different purpose than the one for which Serge provided it, and without his consent or a legitimate interest. This may violate the principles of purpose limitation and lawfulness under the GDPR. Moreover, Serge may object to the use of his quotation as it implies his endorsement of Brady Box's service, which may affect his reputation or interests.
The other options are less likely to be valid grounds for objection, as they are not directly related to the GDPR's provisions on personal data protection. The misrepresentation of personal data as an endorsement may be a matter of contract law or consumer protection law, but not necessarily a GDPR issue. The juxtaposition of the quotation with others' quotations may not affect Serge's rights or interests, unless it creates a false or misleading impression of his views or opinions. The misapplication of the household exception in relation to a SNS may not apply in this case, as the household exception only covers the processing of personal data by a natural person in the course of a purely personal or household activity (Article 2(2)). Serge's posting of the quotation on a SNS may not qualify as a purely personal or household activity, as it involves the disclosure of personal data to a wider audience.
Reference:
GDPR
GDPR and social media
How does GDPR affect social media marketing?
Data Protection & Social Media: How GDPR Influences Today's Social Media Marketing


NEW QUESTION # 66
In the event of a data breach, which type of information are data controllers NOT required to provide to either the supervisory authorities or the data subjects?

  • A. The measures being taken to address the breach.
  • B. The type of security safeguards used to protect the data.
  • C. The predicted consequences of the breach.
  • D. The contact details of the appropriate data protection officer.

Answer: C

Explanation:
Reference https://www.dataprotection.ie/en/organisations/know-your-obligations/data-protection-impact- assessments


NEW QUESTION # 67
SCENARIO
Please use the following to answer the next question:
Jane Stan's her new role as a Data Protection Officer (DPO) at a Malta-based company that allows anyone to buy and sell cryptocurrencies via its online platform. The company stores and processes the personal data of its customers in a dedicated data center located m Malta |EU).
People wishing to trade cryptocurrencies are required to open an online account on the platform. They then must successfully pass a KYC due diligence procedure aimed at preventing money laundering and ensuring compliance with applicable financial regulations.
The non-European customers are also required to waive all their GDPR rights by reading a disclaimer written in bold and belong a checkbox on a separate page in order to get their account approved on the platform.
The customers must likewise accept the terms of service of the platform. The terms of service also include a privacy policy section, saying, among other things, that if a What is potentially wrong with the backup system operated in the AWS cloud?

  • A. The AWS servers are located in the EU but in a country different than the location of the corporate headquarters.
  • B. The data storage period has to be revised, and a data processing agreement w*h AWS must be signed
  • C. It is unlawful to process any personal data in a cloud unless the cloud is certified as GOPR-compliant by a competent supervisory authority.
  • D. AWS is a U S company, and no personal data of European residents may be transferred to it without explicit written consent from data subjects.

Answer: B


NEW QUESTION # 68
What is the MAIN reason GDPR Article 4(22) establishes the concept of the "concerned supervisory authority"?

  • A. To give corporations a choice about who their supervisory authority will be.
  • B. To ensure that the interests of individuals residing outside the lead authority's jurisdiction are represented.
  • C. To encourage the consistency of local data processing activity.
  • D. To ensure the GDPR covers controllers that do not have an establishment in the EU but have a representative in a member state.

Answer: B


NEW QUESTION # 69
Two companies, Gellcoat and Freifish, make plans to launch a co-branded product the prototype of which is called Gellifish 9090. The companies want to organize an event to introduce the new product, so they decide to share data from their client databases and come up with a list of people to invite. They agree on the content of the invitations and together build an app to gather feedback at the event.
In this scenario, Gellcoat and Freifish are considered to be?

  • A. Joint controllers with respect to the personal data related to the event and separate controllers for their other purposes.
  • B. Separate controllers because pint controllers^ requires a written designation in a contract
  • C. Joint controllers for all purposes because they have merged their databases and their data is now jointly owned.
  • D. Separate controllers and processors since they are each providing services to the other

Answer: A


NEW QUESTION # 70
To receive a preliminary interpretation on provisions of the GDPR, a national court will refer its case to which of the following?

  • A. The European Data Protection Board.
  • B. The European Court of Human Rights.
  • C. The European Data Protection Supervisor.
  • D. The Court of Justice of the European Union.

Answer: D


NEW QUESTION # 71
The GDPR specifies fines that may be levied against data controllers for certain infringements. Which of the following infringements would be subject to the less severe administrative fine of up to 10 million euros (or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year)?

  • A. Failure to implement technical and organizational measures to ensure data protection is enshrined by design and default.
  • B. Failure to demonstrate that consent was given by the data subject to the processing of their personal data where it is used as the basis for processing.
  • C. Failure to provide the means for a data subject to rectify inaccuracies in personal data.
  • D. Failure to process personal information in a manner compatible with its original purpose.

Answer: A

Explanation:
According to Article 83 of the GDPR, the less severe administrative fines of up to 10 million euros or 2% of the annual worldwide turnover apply to infringements of the articles governing controllers and processors, certification bodies, and monitoring bodies. These include Articles 8, 11, 25-39, 42, and 43. Among the answer choices, only option B falls under this category, as Article 25 requires controllers to implement data protection by design and by default. Option A is related to Article 7, which governs the conditions for consent. Option C is related to Article 5, which sets out the principles for processing personal data. Option D is related to Article 16, which grants the right to rectification to data subjects. These articles are subject to the more severe administrative fines of up to 20 million euros or 4% of the annual worldwide turnover. Reference:
GDPR Article 83
GDPR Article 25
GDPR Article 7
GDPR Article 5
GDPR Article 16


NEW QUESTION # 72
The GDPR requires controllers to supply data subjects with detailed information about the processing of their dat a. Where a controller obtains data directly from data subjects, which of the following items of information does NOT legally have to be supplied?

  • A. The categories of personal data concerned.
  • B. The recipients or categories of recipients.
  • C. The right to lodge a complaint with a supervisory authority.
  • D. The rights of access, erasure, restriction, and portability.

Answer: A

Explanation:
Reference https://gdpr-info.eu/art-13-gdpr/


NEW QUESTION # 73
Which of the following is NOT recognized as being a common characteristic of cloud-computing services?

  • A. The supplier allows customer data to be transferred around the infrastructure according to capacity.
  • B. The supplier assumes the vendor's business risk associated with data processed by the supplier.
  • C. The service's infrastructure is shared among the supplier's customers and can be located in a number of countries.
  • D. The supplier determines the location, security measures, and service standards applicable to the processing.

Answer: B

Explanation:
Reference https://www.softwaremajor.com/news-articles/64-gdpr-how-does-it-apply-to-the-cloud


NEW QUESTION # 74
What is a reason the European Court of Justice declared the Data Retention Directive invalid in 2014?

  • A. The requirements affected individuals without exception.
  • B. The requirements specified that data must be held within the EU.
  • C. The requirements had limitations on how national authorities could use data.
  • D. The requirements were financially burdensome to EU businesses.

Answer: C

Explanation:
Reference https://www.loc.gov/law/help/eu-data-retention-directive/eu.php#:~:text=In%20April%202014%2C
%20the%20Grand,proportionality%20in%20forging%20the%20Directive.


NEW QUESTION # 75
SCENARIO
Please use the following to answer the next question:
Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees are located there. The company offers its services to Canadians only: Its website is in English and French, it accepts only Canadian currency, and it blocks internet traffic from outside of Canada (although this solution doesn't prevent all non-Canadian traffic). It also declines to process orders that request the DNA report to be sent outside of Canada, and returns orders that show a non-Canadian return address.
Bob, the President of Who-R-U, thinks there is a lot of interest for the product in the EU, and the company is exploring a number of plans to expand its customer base.
The first plan, collegially called We-Track-U, will use an app to collect information about its current Canadian customer base. The expansion will allow its Canadian customers to use the app while traveling abroad. He suggests that the company use this app to gather location information. If the plan shows promise, Bob proposes to use push notifications and text messages to encourage existing customers to pre-register for an EU version of the service. Bob calls this work plan, We-Text-U. Once the company has gathered enough pre- registrations, it will develop EU-specific content and services.
Another plan is called Customer for Life. The idea is to offer additional services through the company's app, like storage and sharing of DNA information with other applications and medical providers. The company's contract says that it can keep customer DNA indefinitely, and use it to offer new services and market them to customers. It also says that customers agree not to withdraw direct marketing consent. Paul, the marketing director, suggests that the company should fully exploit these provisions, and that it can work around customers' attempts to withdraw consent because the contract invalidates them.
The final plan is to develop a brand presence in the EU. The company has already begun this process. It is in the process of purchasing the naming rights for a building in Germany, which would come with a few offices that Who-R-U executives can use while traveling internationally. The office doesn't include any technology or infrastructure; rather, it's simply a room with a desk and some chairs.
On a recent trip concerning the naming-rights deal, Bob's laptop is stolen. The laptop held unencrypted DNA reports on 5,000 Who-R-U customers, all of whom are residents of Canad a. The reports include customer name, birthdate, ethnicity, racial background, names of relatives, gender, and occasionally health information.
Who-R-U is NOT required to notify the local German DPA about the laptop theft because?

  • A. The data isn't considered personally identifiable financial information.
  • B. The laptop belonged to a company located in Canada.
  • C. There is no evidence that the thieves have accessed the data on the laptop.
  • D. The company isn't a controller established in the Union.

Answer: D


NEW QUESTION # 76
What term BEST describes the European model for data protection?

  • A. Sectoral
  • B. Comprehensive
  • C. Market-based
  • D. Self-regulatory

Answer: B

Explanation:
Reference https://ec.europa.eu/info/sites/info/files/communication-european-strategy-data-19feb2020_en.pdf


NEW QUESTION # 77
SCENARIO
Please use the following to answer the next question:
Building Block Inc. is a multinational company, headquartered in Chicago with offices throughout the United States, Asia, and Europe (including Germany, Italy, France and Portugal). Last year the company was the victim of a phishing attack that resulted in a significant data breach. The executive board, in coordination with the general manager, their Privacy Office and the Information Security team, resolved to adopt additional security measures. These included training awareness programs, a cybersecurity audit, and use of a new software tool called SecurityScan, which scans employees' computers to see if they have software that is no longer being supported by a vendor and therefore not getting security updates. However, this software also provides other features, including the monitoring of employees' computers.
Since these measures would potentially impact employees, Building Block's Privacy Office decided to issue a general notice to all employees indicating that the company will implement a series of initiatives to enhance information security and prevent future data breaches.
After the implementation of these measures, server performance decreased. The general manager instructed the Security team on how to use SecurityScan to monitor employees' computers activity and their location. During these activities, the Information Security team discovered that one employee from Italy was daily connecting to a video library of movies, and another one from Germany worked remotely without authorization. The Security team reported these incidents to the Privacy Office and the general manager. In their report, the team concluded that the employee from Italy was the reason why the server performance decreased.
Due to the seriousness of these infringements, the company decided to apply disciplinary measures to both employees, since the security and privacy policy of the company prohibited employees from installing software on the company's computers, and from working remotely without authorization.
In addition to notifying employees about the purpose of the monitoring, the potential uses of their data and their privacy rights, what information should Building Block have provided them before implementing the security measures?

  • A. Information about who employees should contact with any queries.
  • B. Information about how providing consent could affect them as employees.
  • C. Information about how the measures are in the best interests of the company.
  • D. Information about what is specified in the employment contract.

Answer: A

Explanation:
According to the GDPR, when personal data is collected from the data subject, the controller must provide the data subject with certain information, such as the identity and contact details of the controller, the contact details of the data protection officer, the purposes and legal basis of the processing, the recipients or categories of recipients of the personal data, the data subject's rights, and any other information necessary to ensure fair and transparent processing1. This information must be provided in a concise, transparent, intelligible and easily accessible form, using clear and plain language2. Therefore, Building Block should have provided its employees with information about who they can contact with any queries regarding the monitoring, such as the data protection officer or the Privacy Office, as part of the information notice before implementing the security measures. This would enable the employees to exercise their rights, such as the right to access, rectify, erase, restrict or object to the processing of their personal data, or the right to lodge a complaint with a supervisory authority3. Reference: 1 Art. 13 GDPR - Information to be provided where personal data are collected from the data subject - General Data Protection Regulation (GDPR)2 Art. 12 GDPR - Transparent information, communication and modalities for the exercise of the rights of the data subject - General Data Protection Regulation (GDPR)3 Art. 15-22 GDPR - Rights of the data subject - General Data Protection Regulation (GDPR).


NEW QUESTION # 78
SCENARIO
Please use the following to answer the next question:
T-Craze, a German-headquartered specialty t-shirt company, was successfully selling to large German metropolitan cities. However, after a recent merger with another German-based company that was selling to a broader European market, T-Craze revamped its marketing efforts to sell to a wider audience. These efforts included a complete redesign of its logo to reflect the recent merger, and improvements to its website meant to capture more information about visitors through the use of cookies.
T-Craze also opened various office locations throughout Europe to help expand its business. While Germany Target, a renowned marketing firm based in the Philippines, to run its latest marketing campaign. After thorough research, Right Target determined that T-Craze is most successful with customers between the ages of 18 and 22. Thus, its first campaign targeted university students in several European capitals, which yielded nearly 40% new customers for T-Craze in one quarter. Right Target also ran subsequent campaigns for T- Craze, though with much less success.
The last two campaigns included a wider demographic group and resulted in countless unsubscribe requests, including a large number in Spain. In fact, the Spanish data protection authority received a complaint from Sofia, a mid-career investment banker. Sofia was upset after receiving a marketing communication even after unsubscribing from such communications from the Right Target on behalf of T-Craze.
What is the best option for the lead regulator when responding to the Spanish supervisory authority's notice that it plans to take action regarding Sofia's complaint?

  • A. Reject, because Right Target's processing was conducted throughout Europe.
  • B. Accept, because it did not receive any complaints.
  • C. Reject, because GDPR does not allow other supervisory authorities to take action if there is a lead authority.
  • D. Accept, because GDPR permits non-lead authorities to take action for such complaints.

Answer: C


NEW QUESTION # 79
In which of the following cases would an organization MOST LIKELY be required to follow both ePrivacy and data protection rules?

  • A. When creating an untargeted pop-up ad on a website.
  • B. When calling a potential customer to notify her of an upcoming product sale.
  • C. When emailing a customer to announce that his recent order should arrive earlier than expected.
  • D. When paying a search engine company to give prominence to certain products and services within specific search results.

Answer: A

Explanation:
Explanation/Reference: https://www.privacytrust.com/guidance/gdpr-vs-eprivacy-regulation.html


NEW QUESTION # 80
How is the GDPR's position on consent MOST likely to affect future app design and implementation?

  • A. App developers will expand the amount of data necessary to collect for an app's functionality.
  • B. App developers' responsibilities as data controllers will increase.
  • C. Users will see fewer advertisements when using apps.
  • D. Users will be given granular types of consent for particular types of processing.

Answer: D

Explanation:
The GDPR requires that consent must be freely given, specific, informed and unambiguous1. This means that app developers must provide clear and transparent information about the purposes and legal basis of the data processing, and allow users to choose which types of processing they agree to and which they do not. For example, users should be able to consent separately to different types of cookies, such as functional, analytical or marketing cookies2. Users should also be able to withdraw their consent at any time as easily as they gave it1. Therefore, app design and implementation must take into account these requirements and provide users with granular and user-friendly consent options, rather than relying on pre-ticked boxes, implied consent or default settings3. Reference: 1 Art. 4 (11) and Art. 7 GDPR - Definitions and Conditions for consent - General Data Protection Regulation (GDPR)2 Guidelines 05/2020 on consent under Regulation 2016/679 - European Data Protection Board3 How To Make Compliant GDPR Consent Forms (With Examples) - Termly.


NEW QUESTION # 81
To which of the following parties does the territorial scope of the GDPR NOT apply?

  • A. All member countries party to the Paris Agreement.
  • B. All member countries of the European Economic Area.
  • C. All member countries of the European Union.
  • D. All member countries party to the Treaty of Lisbon.

Answer: B


NEW QUESTION # 82
As per the GDPR, which legal basis would be the most appropriate for an online shop that wishes to process personal data for the purpose of fraud prevention?

  • A. Legitimate interest
  • B. Protection of the interests of the data subjects.
  • C. Consent
  • D. Performance of a contact

Answer: C


NEW QUESTION # 83
......


Prerequisites for CIPP-E Exam

The main requirement for the CIPP-E exam is that the candidate has a basic knowledge of data protection. It is an added advantage if the candidate has relevant work experience which has already introduced them to the skills and concepts needed in the industry.

 

Get Instant Access to CIPP-E Practice Exam Questions: https://www.guidetorrent.com/CIPP-E-pdf-free-download.html

Reliable Study Materials & Testing Engine for CIPP-E Exam Success!: https://drive.google.com/open?id=17BXKytoMMWEmHx7BQ0lwJcX3HSQldTSs

Related Articles

more
IAPP CIPP-E Certification Practice Exam