Iapp prepway certified Information Privacy Professional Cipp-e Release Date by Atlas q175 vce pdf

Page: 9 / 19

Exam Name:	Certified Information Privacy Professional/Europe (CIPP/E)
Exam Code:	CIPP-E Dumps
Vendor:	IAPP	Certification:	Certified Information Privacy Professional
Questions:	268 Q&A's	Shared By:	atlas

Question 36

When assessing the level of risk created by a data breach, which of the following would NOT have to be taken into consideration?

Options:

The ease of identification of individuals.

The size of any data processor involved.

The special characteristics of the data controller.

The nature, sensitivity and volume of personal data.

Discussion

Answer:

Explanation:

Explanation:

When assessing the level of risk created by a data breach, the size of any data processor involved would not have to be taken into consideration. According to the GDPR, a data breach is “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed” 1. The GDPR requires data controllers and processors to notify the relevant supervisory authority of a data breach within 72 hours, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons 2. The GDPR also requires data controllers to communicate the data breach to the affected data subjects without undue delay, if the breach is likely to result in a high risk to their rights and freedoms 3.

The GDPR does not specify the exact criteria for determining the level of risk, but it provides some guidance in Recital 85, which states that “the likelihood and severity of the risk to the rights and freedoms of the data subject should be determined by reference to the nature, scope, context and purposes of the processing” . The recital also mentions some factors that could increase the risk, such as the ease of identification of individuals, the special categories of personal data, the large scale of the processing, or the special characteristics of the data controller . Therefore, these factors should be taken into consideration when assessing the level of risk created by a data breach.

However, the size of any data processor involved is not relevant for the risk assessment, as it does not affect the impact of the breach on the data subjects. The data processor is only responsible for processing the personal data on behalf of the data controller, and has no direct relationship with the data subjects . The data processor’s obligations in case of a data breach are to notify the data controller without undue delay, and to assist the data controller in complying with its obligations under the GDPR . The data processor’s size may affect its ability to fulfill these obligations, but it does not change the level of risk created by the data breach itself. References: 1: Article 4(12) of the GDPR 2: Article 33 of the GDPR 3: Article 34 of the GDPR : Recital 85 of the GDPR : Article 4(8) of the GDPR : Article 28 of the GDPR

I hope this helps. If you have any other questions, please feel free to ask. ?

Question 37

SCENARIO

Please use the following to answer the next question:

ABC Hotel Chain and XYZ Travel Agency are U.S.-based multinational companies. They use an internet-based common platform for collecting and sharing their customer data with each other, in order to integrate their marketing efforts. Additionally, they agree on the data to be stored, how reservations will be booked and confirmed, and who has access to the stored data.

Mike, an EU resident, has booked travel itineraries in the past through XYZ Travel Agency to stay at ABC Hotel Chain’s locations. XYZ Travel Agency offers a rewards program that allows customers to sign up to accumulate points that can later be redeemed for free travel. Mike has signed the agreement to be a rewards program member.

Now Mike wants to know what personal information the company holds about him. He sends an email requesting access to his data, in order to exercise what he believes are his data subject rights.

What are ABC Hotel Chain and XYZ Travel Agency’s roles in this relationship?

Options:

ABC Hotel Chain is the controller and XYZ Travel Agency is the processor.

XYZ Travel Agency is the controller and ABC Hotel Chain is the processor.

ABC Hotel Chain and XYZ Travel Agency are independent controllers.

ABC Hotel Chain and XYZ Travel Agency are joint controllers.

Discussion

Question 38

Which sentence best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?

Options:

Employees must sign an ad hoc contractual agreement each time personal data is exported.

All employees are subject to the rules in their entirety, regardless of where the work is taking place.

All employees must follow the privacy regulations of the jurisdictions where the current scope of their work is established.

Employees who control personal data must complete a rigorous certification procedure, as they are exempt from legal enforcement.

Discussion

River

Hey, I used Cramkey Dumps to prepare for my recent exam and I passed it.

Lewis (not set)

Yeah, I used these dumps too. And I have to say, I was really impressed with the results.

Nell

Are these dumps reliable?

Ernie (not set)

Yes, very much so. Cramkey Dumps are created by experienced and certified professionals who have gone through the exams themselves. They understand the importance of providing accurate and relevant information to help you succeed.

Nylah

I've been looking for good study material for my upcoming certification exam. Need help.

Dolly (not set)

Then you should definitely give Cramkey Dumps a try. They have a huge database of questions and answers, making it easy to study and prepare for the exam. And the best part is, you can be sure the information is accurate and relevant.

Laila

They're such a great resource for anyone who wants to improve their exam results. I used these dumps and passed my exam!! Happy customer, always prefer. Yes, same questions as above I know you guys are perfect.

Keira (not set)

100% right….And they're so affordable too. It's amazing how much value you get for the price.

Reeva

Wow what a success I achieved today. Thank you so much Cramkey for amazing Dumps. All students must try it.

Amari (not set)

Wow, that's impressive. I'll definitely keep Cramkey in mind for my next exam.

Question 39

SCENARIO

Please use the following to answer the next question:

Joe started the Gummy Bear Company in 2000 from his home in Vermont, USA. Today, it is a multi-billion-dollar candy company operating in every continent. All of the company’s IT servers are located in Vermont. This year Joe hires his son Ben to join the company and head up Project Big, which is a major marketing strategy to triple gross revenue in just 5 years. Ben graduated with a PhD in computer software from a top university. Ben decided to join his father’s company, but is also secretly working on launching a new global online dating website company called Ben Knows Best.

Ben is aware that the Gummy Bear Company has millions of customers and believes that many of them might also be interested in finding their perfect match. For Project Big, Ben redesigns the company’s online web portal and requires customers in the European Union and elsewhere to provide additional personal information in order to remain a customer. Project Ben begins collecting data about customers’ philosophical beliefs, political opinions and marital status.

If a customer identifies as single, Ben then copies all of that customer’s personal data onto a separate database for Ben Knows Best. Ben believes that he is not doing anything wrong, because he explicitly asks each customer to give their consent by requiring them to check a box before accepting their information. As Project Big is an important project, the company also hires a first year college student named Sam, who is studying computer science to help Ben out.

Ben calls out and Sam comes across the Ben Knows Best database. Sam is planning on going to Ireland over Spring Beak with 10 of his friends, so he copies all of the customer information of people that reside in Ireland so that he and his friends can contact people when they are in Ireland.

Joe also hires his best friend’s daughter, Alice, who just graduated from law school in the U.S., to be the company’s new General Counsel. Alice has heard about the GDPR, so she does some research on it. Alice approaches Joe and informs him that she has drafted up Binding Corporate Rules for everyone in the company to follow, as it is important for the company to have in place a legal mechanism to transfer data internally from the company’s operations in the European Union to the U.S.

Joe believes that Alice is doing a great job, and informs her that she will also be in-charge of handling a major lawsuit that has been brought against the company in federal court in the U.S. To prepare for the lawsuit, Alice instructs the company’s IT department to make copies of the computer hard drives from the entire global sales team, including the European Union, and send everything to her so that she can review everyone’s information. Alice believes that Joe will be happy that she did the first level review, as it will save the company a lot of money that would otherwise be paid to its outside law firm.

In preparing the company for its impending lawsuit, Alice’s instruction to the company’s IT Department violated Article 5 of the GDPR because the company failed to first do what?

Options:

Send out consent forms to all of its employees.

Minimize the amount of data collected for the lawsuit.

Inform all of its employees about the lawsuit.

Encrypt the data from all of its employees.

Discussion

Page: 9 / 19

Title

Questions

Posted

iapp.help2pass.passed exam today cipp-e.by franco.q125.vce.pdf

125