View All CIPP-E Actual Exam Questions, Answers and Explanations for Free CIPP-E Exam Free Practice Test with100% Accurate Answers Review the IAPP CIPP/E Certification Exam There is a study guide for IAPP CIPP/E certification Exam Learn about the IAPP CIPP / E certification exam The IAPP defines this certification as perfect for “the go-to person for privacy laws, guidelines and frameworks” in a company. [...]

All Products Contact now

View All CIPP-E Actual Exam Questions, Answers and Explanations for Free [Q85-Q101]

Share

View All CIPP-E Actual Exam Questions, Answers and Explanations for Free

CIPP-E Exam Free Practice Test with100% Accurate Answers


Review the IAPP CIPP/E Certification Exam

There is a study guide for IAPP CIPP/E certification Exam

Learn about the IAPP CIPP / E certification exam

The IAPP defines this certification as perfect for “the go-to person for privacy laws, guidelines and frameworks” in a company. This target market can include many other senior personal privacy or security experts with IT training experience, but can also include individuals belonging to the government, legal, or administrative companies whose job it is to keep the information confidential. and also in terms of security. This is doubled for those involved in legal and compliance requests, information monitoring, information management, and even personal (as privacy is an individual matter at heart, including personal data).

Since privacy protection and private data protection are generally heavily managed and based on legal systems and frameworks, the IAPP provides variations of CIPP accreditation where this material and coverage has been “localized” for directives. applicable laws and regulations. and ideal techniques. There are five such versions available: Asia (CIPP / A), Canada (CIPP / C), Europe (CIPP / E), US government (CIPP / G), and US private sector (CIPP) / USA). At the time of writing, CIPP / E necessarily offers the most direct and specific coverage of GDPR topics.

This exam guide is designed to assist you to evaluate if you prepare to successfully finish the IAPP CIPP/E examination.

 

NEW QUESTION 85
In addition to the European Commission, who can adopt standard contractual clauses, assuming that all required conditions are met?

  • A. The European Data Protection Supervisor.
  • B. National data protection authorities.
  • C. The Council of the European Union.
  • D. Approved data controllers.

Answer: D

Explanation:
Explanation/Reference: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/ standard-contractual-clauses-scc_en

 

NEW QUESTION 86
What should a controller do after a data subject opts out of a direct marketing activity?

  • A. Take reasonable steps to inform third-party recipients that the data subject's personal data should be deleted and no longer processed.
  • B. Refrain from processing personal data relating to the data subject for the relevant type of communication.
  • C. Without undue delay, provide information to the data subject on the action that will be taken.
  • D. Without exception, securely delete all personal data relating to the data subject.

Answer: B

 

NEW QUESTION 87
Company X has entrusted the processing of their payroll data to Provider Y.
Provider Y stores this encrypted data on its server. The IT department of Provider Y finds out that someone managed to hack into the system and take a copy of the data from its server. In this scenario, whom does Provider Y have the obligation to notify?

  • A. The supervisory authority
  • B. Law enforcement
  • C. Company X
  • D. The public

Answer: B

 

NEW QUESTION 88
Company X has entrusted the processing of their payroll data to Provider
Y. Provider Y stores this encrypted data on its server. The IT department of Provider Y finds out that someone managed to hack into the system and take a copy of the data from its server. In this scenario, whom does Provider Y have the obligation to notify?

  • A. The supervisory authority
  • B. Law enforcement
  • C. Company X
  • D. The public

Answer: B

 

NEW QUESTION 89
Which mechanism, new to the GDPR, now allows for the possibility of personal data transfers to third countries under Article 42?

  • A. Law enforcement requests.
  • B. Binding corporate rules.
  • C. Approved certifications.
  • D. Standard contractual clauses.

Answer: C

 

NEW QUESTION 90
Which of the following would MOST likely trigger the extraterritorial effect of the GDPR, as specified by Article 3?

  • A. The behavior of suspected terrorists being monitored by EU law enforcement bodies.
  • B. Personal data of EU citizens being processed by a controller or processor based outside the EU.
  • C. Personal data of EU residents being processed by a non-EU business that targets EU customers.
  • D. The behavior of EU citizens outside the EU being monitored by non-EU law enforcement bodies.

Answer: B

 

NEW QUESTION 91
SCENARIO
Please use the following to answer the next question:
Ben is a member of the fitness club STAYFIT. This company has branches in many EU member states, but for the purposes of the GDPR maintains its primary establishment in France. Ben lives in Newry, Northern Ireland (part of the U.K.), and commutes across the border to work in Dundalk, Ireland. Two years ago while on a business trip, Ben was photographed while working out at a branch of STAYFIT in Frankfurt, Germany. At the time, Ben gave his consent to being included in the photograph, since he was told that it would be used for promotional purposes only. Since then, the photograph has been used in the club's U.K. brochures, and it features in the landing page of its U.K. website. However, the fitness club has recently fallen into disrepute due to widespread mistreatment of members at various branches of the club in several EU member states. As a result, Ben no longer feels comfortable with his photograph being publicly associated with the fitness club.
After numerous failed attempts to book an appointment with the manager of the local branch to discuss this matter, Ben sends a letter to STAYFIT requesting that his image be removed from the website and all promotional materials. Months pass and Ben, having received no acknowledgment of his request, becomes very anxious about this matter. After repeatedly failing to contact STAYFIT through alternate channels, he decides to take action against the company.
Ben contacts the U.K. Information Commissioner's Office ('ICO' - the U.K.'s supervisory authority) to lodge a complaint about this matter.
Under the cooperation mechanism, what should the lead authority (the CNIL) do after it has formed its view on the matter?

  • A. Request that members of the seconding supervisory authority and the host supervisory authority co-draft a decision.
  • B. Submit a draft decision to other supervisory authorities for their opinion.
  • C. Request that the other supervisory authorities provide the lead authority with a draft decision for its consideration.
  • D. Submit a draft decision directly to the Commission to ensure the effectiveness of the consistency mechanism.

Answer: C

 

NEW QUESTION 92
There are three domains of security covered by Article 32 of the GDPR that apply to both the controller and the processor. These include all of the following EXCEPT?

  • A. Incident detection and response.
  • B. Consent management and withdrawal.
  • C. Preventative security.
  • D. Remedial security.

Answer: B

 

NEW QUESTION 93
Select the answer below that accurately completes the following:
"The right to compensation and liability under the GDPR...

  • A. ...is limited to a maximum amount of EUR 20 million per event of damage or loss."
  • B. ...provides for an exemption from liability if the data controller (or data processor) proves that it is not in any way responsible for the event giving rise to the damage."
  • C. ...can only be exercised against the data controller, even if a data processor was involved in the same processing."
  • D. ...precludes any subsequent recourse proceedings against other controllers or processors involved in the same processing."

Answer: D

 

NEW QUESTION 94
Under what circumstances might the "soft opt-in" rule apply in relation to direct marketing?

  • A. When an individual's details are obtained from their inquiries about buying a product.
  • B. When an individual has not consented to the marketing.
  • C. Where an individual's details have been obtained from a bought-in marketing list.
  • D. Where an individual is given the ability to unsubscribe from marketing emails sent to him.

Answer: D

 

NEW QUESTION 95
SCENARIO
Please use the following to answer the next question:
T-Craze, a German-headquartered specialty t-shirt company, was successfully selling to large German metropolitan cities. However, after a recent merger with another German-based company that was selling to a broader European market, T-Craze revamped its marketing efforts to sell to a wider audience. These efforts included a complete redesign of its logo to reflect the recent merger, and improvements to its website meant to capture more information about visitors through the use of cookies.
T-Craze also opened various office locations throughout Europe to help expand its business. While Germany continued to host T-Craze's headquarters and main product-design office, its French affiliate became responsible for all marketing and sales activities. The French affiliate recently procured the services of Right Target, a renowned marketing firm based in the Philippines, to run its latest marketing campaign. After thorough research, Right Target determined that T-Craze is most successful with customers between the ages of 18 and 22. Thus, its first campaign targeted university students in several European capitals, which yielded nearly 40% new customers for T-Craze in one quarter. Right Target also ran subsequent campaigns for T- Craze, though with much less success.
The last two campaigns included a wider demographic group and resulted in countless unsubscribe requests, including a large number in Spain. In fact, the Spanish data protection authority received a complaint from Sofia, a mid-career investment banker. Sofia was upset after receiving a marketing communication even after unsubscribing from such communications from the Right Target on behalf of T-Craze.
Why does the Spanish supervisory authority notify the French supervisory authority when it opens an investigation into T-Craze based on Sofia's complaint?

  • A. T-Craze has a French affiliate.
  • B. T-Craze conducts its marketing and sales activities in France.
  • C. The Spanish supervisory authority is providing a courtesy notification not required under the GDPR.
  • D. The French affiliate procured the services of Right Target.

Answer: B

 

NEW QUESTION 96
Under the GDPR, which of the following is true in regard to adequacy decisions involving cross-border transfers?

  • A. EU member states are vested with the power to accept or reject a European Commission adequacy decision.
  • B. The European Commission can adopt, repeal or amend an existing adequacy decision.
  • C. To be considered as adequate, third countries must implement the EU General Data Protection Regulation into their national legislation.
  • D. The European Commission can adopt an adequacy decision for individual companies.

Answer: D

 

NEW QUESTION 97
SCENARIO
Please use the following to answer the next question:
WonderkKids provides an online booking service for childcare. Wonderkids is based in France, but hosts its website through a company in Switzerland. As part of their service, WonderKids will pass all personal data provided to them to the childcare provider booked through their system. The type of personal data collected on the website includes the name of the person booking the childcare, address and contact details, as well as information about the children to be cared for including name, age, gender and health information. The privacy statement on Wonderkids' website states the following:
"WonderkKids provides the information you disclose to us through this website to your childcare provider for scheduling and health and safety reasons. We may also use your and your child's personal information for our own legitimate business purposes and we employ a third-party website hosting company located in Switzerland to store the dat a. Any data stored on equipment located in Switzerland meets the European Commission provisions for guaranteeing adequate safeguards for you and your child's personal information. We will only share you and your child's personal information with businesses that we see as adding real value to you. By providing us with any personal data, you consent to its transfer to affiliated businesses and to send you promotional offers."
"We may retain you and your child's personal information for no more than 28 days, at which point the data will be depersonalized, unless your personal information is being used for a legitimate business purpose beyond 28 days where it may be retained for up to 2 years."
"We are processing you and your child's personal information with your consent. If you choose not to provide certain information to us, you may not be able to use our services. You have the right to: request access to you and your child's personal information; rectify or erase you or your child's personal information; the right to correction or erasure of you and/or your child's personal information; object to any processing of you and your child's personal information. You also have the right to complain to the supervisory authority about our data processing activities." What direct marketing information can WonderKids send by email without prior consent of the person booking the childcare?

  • A. Marketing information for products or services similar to those purchased from WonderKids.
  • B. Marketing information related to other business operations of WonderKids.
  • C. Any marketing information at all.
  • D. No marketing information at all.

Answer: B

 

NEW QUESTION 98
An organization receives a request multiple times from a data subject seeking to exercise his rights with respect to his own personal dat a. Under what condition can the organization charge the data subject a fee for processing the request?

  • A. Only if the organization can demonstrate that the request is clearly excessive or misguided.
  • B. Only where the administrative costs of taking the action requested exceeds a certain threshold.
  • C. Only where the organization can show that it is reasonable to do so because more than one request was made.
  • D. Only to the extent this is allowed under the restrictions on data subjects' rights introduced under Art 23 of GDPR.

Answer: D

 

NEW QUESTION 99
What is the key difference between the European Council and the Council of the European Union?

  • A. The Council of the European Union is helmed by a president.
  • B. The Council of the European Union has a degree of legislative power.
  • C. The European Council is comprised of the heads of each EU member state.
  • D. The European Council focuses primarily on issues involving human rights.

Answer: C

Explanation:
Section: (none)

 

NEW QUESTION 100
What obligation does a data controller or processor have after appointing a data protection officer?

  • A. To ensure that the data protection officer receives sufficient instructions regarding the exercise of his or her defined tasks.
  • B. To provide resources necessary to carry out the defined tasks of the data protection officer and to maintain his or her expert knowledge.
  • C. To submit for approval to the data protection officer a code of conduct to govern organizational practices and demonstrate compliance with data protection principles.
  • D. To ensure that the data protection officer acts as the sole point of contact for individuals' questions about their personal data.

Answer: C

 

NEW QUESTION 101
......

CIPP-E dumps Free Test Engine Verified By It Certified Experts: https://www.guidetorrent.com/CIPP-E-pdf-free-download.html

Realistic CIPP-E Accurate & Verified Answers As Experienced in the Actual Test!: https://drive.google.com/open?id=17BXKytoMMWEmHx7BQ0lwJcX3HSQldTSs

Related Articles

more
IAPP CIPP-E Certification Practice Exam