| Exam Name: | Certified Information Privacy Professional/Europe (CIPP/E) | ||
| Exam Code: | CIPP-E Dumps | ||
| Vendor: | IAPP | Certification: | Certified Information Privacy Professional |
| Questions: | 268 Q&A's | Shared By: | dawid |
Which of the following would most likely NOT be covered by the definition of “personal data” under the GDPR?
Which of the following is NOT recognized as being a common characteristic of cloud-computing services?
In relation to third countries and international organizations, which of the following shall, along with the supervisory authorities, take appropriate steps to develop international cooperation mechanisms for the enforcement of data protection legislation?
SCENARIO
Please use the following to answer the next question:
Financially, it has been a very good year at ARRA Hotels: Their 21 hotels, located in
Greece (5), Italy (15) and Spain (1), have registered their most profitable results
ever. To celebrate this achievement, ARRA Hotels' Human Resources office, based
in ARRA's main Italian establishment, has organized a team event for its 420
employees and their families at its hotel in Spain.
Upon arrival at the hotel, each employee and family member is given an electronic
wristband at the reception desk. The wristband serves a number of functions:
. Allows access to the "party zone" of the hotel, and emits a buzz if the user
approaches any unauthorized areas
. Allows up to three free drinks for each person of legal age, and emits a
buzz once this limit has been reached
. Grants a unique ID number for participating in the games and contests that
have been planned.
Along with the wristband, each guest receives a QR code that leads to the online
privacy notice describing the use of the wristband. The page also contains an
unchecked consent checkbox. In the case of employee family members under the
age of 16, consent must be given by a parent.
Among the various activities planned for the event, ARRA Hotels' HR office has
autonomously set up a photocall area, separate from the main event venue, where
employees can come and have their pictures taken in traditional carnival costume.
The photos will be posted on ARRA Hotels' main website for general marketing
purposes.
On the night of the event, an employee from one of ARRA's Greek hotels is
displeased with the results of the photos in which he appears. He intends to file a
complaint with the relevant supervisory authority in regard to the following:
. The lack of any privacy notice in the separate photocall area
The unlawful cross-border processing of his personal data
. The unacceptable aesthetic outcome of his photos
Assuming that there is a cross-border processing of personal data, which of the
following criteria would NOT be useful to the lead supervisory authority responsible
for the Greek employee's complaint when trying to determine the location of the
controller's main establishment?
TESTED 19 May 2024
