Question # 1
Which of the following would MOST likely trigger the extraterritorial effect of the GDPR, as specified by Article 3?
| | A. The behavior of suspected terrorists being monitored by EU law enforcement bodies.
| | B. Personal data of EU citizens being processed by a controller or processor based outside the EU. | | C. The behavior of EU citizens outside the EU being monitored by non-EU law enforcement bodies.
| | D. Personal data of EU residents being processed by a non-EU business that targets EU customers. |
B. Personal data of EU citizens being processed by a controller or processor based outside the EU.
Reference: https://hsfnotes.com/data/2019/12/02/edpb-adopts-final-guidelines-on-gdprextra-
territoriality/
Question # 2
In which case would a controller who has undertaken a DPIA most likely need to consult with a supervisory authority?
| | A. Where the DPIA identifies that personal data needs to be transferred to other countries outside of the EEA.
| | B. Where the DPIA identifies high risks to individuals’ rights and freedoms that the | | C. Where the DPIA identifies that the processing being proposed collects the sensitive data of EU citizens.
| | D. Where the DPIA identifies risks that will require insurance for protecting its business |
B. Where the DPIA identifies high risks to individuals’ rights and freedoms that the
Question # 3
Please use the following to answer the next question:
ABC Hotel Chain and XYZ Travel Agency are U.S.-based multinational companies. They
use an internet-based common platform for collecting and sharing their customer data with
each other, in order to integrate their marketing efforts. Additionally, they agree on the data
to be stored, how reservations will be booked and confirmed, and who has access to the
stored data.
Mike, an EU resident, has booked travel itineraries in the past through XYZ Travel Agency
to stay at ABC Hotel Chain’s locations. XYZ Travel Agency offers a rewards program that
allows customers to sign up to accumulate points that can later be redeemed for free travel.
Mike has signed the agreement to be a rewards program member.
Now Mike wants to know what personal information the company holds about him. He
sends an email requesting access to his data, in order to exercise what he believes are his
data subject rights.
In which of the following situations would ABC Hotel Chain and XYZ Travel Agency NOT
have to honor Mike’s data access request?
| | A. The request is to obtain access and correct inaccurate personal data in his profile.
| | B. The request is to obtain access and information about the purpose of processing his personal data.
| | C. The request is to obtain access and erasure of his personal data while keeping his rewards membership.
| | D. The request is to obtain access and the categories of recipients who have received his
personal data to process his rewards membership. |
C. The request is to obtain access and erasure of his personal data while keeping his rewards membership.
Question # 4
Please use the following to answer the next question:
Javier is a member of the fitness club EVERFIT. This company has branches in many EU
member states, but for the purposes of the GDPR maintains its primary establishment in
France. Javier lives in Newry, Northern Ireland (part of the U.K.), and commutes across the
border to work in Dundalk, Ireland. Two years ago while on a business trip, Javier was
photographed while working out at a branch of EVERFIT in Frankfurt, Germany. At the
time, Javier gave his consent to being included in the photograph, since he was told that it
would be used for promotional purposes only. Since then, the photograph has been used in
the club’s U.K. brochures, and it features in the landing page of its U.K. website. However,
the fitness club has recently fallen into disrepute due to widespread mistreatment of
members at various branches of the club in several EU member states. As a result, Javier
no longer feels comfortable with his photograph being publicly associated with the fitness
club.
After numerous failed attempts to book an appointment with the manager of the local
branch to discuss this matter, Javier sends a letter to EVETFIT requesting that his image
be removed from the website and all promotional materials. Months pass and Javier,
having received no acknowledgment of his request, becomes very anxious about this
matter. After repeatedly failing to contact EVETFIT through alternate channels, he decides
to take action against the company.
Javier contacts the U.K. Information Commissioner’s Office (‘ICO’ – the U.K.’s supervisory
authority) to lodge a complaint about this matter. The ICO, pursuant to Article 56 (3) of the
GDPR, informs the CNIL (i.e. the supervisory authority of EVERFIT’s main establishment)
about this matter. Despite the fact that EVERFIT has an establishment in the U.K., the
CNIL decides to handle the case in accordance with Article 60 of the GDPR. The CNIL
liaises with the ICO, as relevant under the cooperation procedure. In light of issues
amongst the supervisory authorities to reach a decision, the European Data Protection
Board becomes involved and, pursuant to the consistency mechanism, issues a binding
decision.
Additionally, Javier sues EVERFIT for the damages caused as a result of its failure to
honor his request to have his photograph removed from the brochure and website.
Under the cooperation mechanism, what should the lead authority (the CNIL) do after it has
formed its view on the matter?
| | A. Submit a draft decision to other supervisory authorities for their opinion.
| | B. Request that the other supervisory authorities provide the lead authority with a draft decision for its consideration.
| | C. Submit a draft decision directly to the Commission to ensure the effectiveness of the consistency mechanism.
| | D. Request that members of the seconding supervisory authority and the host supervisory authority co-draft a decision |
B. Request that the other supervisory authorities provide the lead authority with a draft decision for its consideration.
Question # 5
Under Article 21 of the GDPR, a controller must stop profiling when requested by a data subject, unless it can demonstrate compelling legitimate grounds that override the interests of the individual. In the Guidelines on Automated individual decision-making and Profiling,
the WP 29 says the controller needs to do all of the following to demonstrate that it has such legitimate grounds EXCEPT?
| | A. Carry out an exercise that weighs the interests of the controller and the basis for the data subject’s objection.
| | B. Consider the impact of the profiling on the data subject’s interest, rights and freedoms.
| | C. Demonstrate that the profiling is for the purposes of direct marketing.
| | D. Consider the importance of the profiling to their particular objective. |
C. Demonstrate that the profiling is for the purposes of direct marketing.
Question # 6
If a French controller has a car-sharing app available only in Morocco, Algeria and Tunisia, but the data processing activities are carried out by the appointed processor in Spain, the GDPR will apply to the processing of the personal data so long as?
| | A. The individuals are European citizens or residents.
| | B. The data processing activities are in Spain.
| | C. The data controller is in France.
| | D. The EU individuals are targeted. |
D. The EU individuals are targeted.
Question # 7
Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA
analysis. The company is headquartered in Montreal, and all of its employees are located
there. The company offers its services to Canadians only: Its website is in English and
French, it accepts only Canadian currency, and it blocks internet traffic from outside of
Canada (although this solution doesn’t prevent all non-Canadian traffic). It also declines to
process orders that request the DNA report to be sent outside of Canada, and returns
orders that show a non-Canadian return address.
Bob, the President of Who-R-U, thinks there is a lot of interest for the product in the EU,
and the company is exploring a number of plans to expand its customer base.
The first plan, collegially called We-Track-U, will use an app to collect information about its
current Canadian customer base. The expansion will allow its Canadian customers to use
the app while traveling abroad. He
suggests that the company use this app to gather location information. If the plan shows
promise, Bob proposes to use push notifications and text messages to encourage existing
customers to pre-register for an EU version of the service. Bob calls this work plan, We-
Text-U. Once the company has gathered enough pre- registrations, it will develop EUspecific
content and services.
Another plan is called Customer for Life. The idea is to offer additional services through the
company’s app, like storage and sharing of DNA information with other applications and
medical providers. The company’s contract says that it can keep customer DNA
indefinitely, and use it to offer new services and market them to customers. It also says that
customers agree not to withdraw direct marketing consent. Paul, the marketing director,
suggests that the company should fully exploit these provisions, and that it can work
around customers’ attempts to withdraw consent because the contract invalidates them.
The final plan is to develop a brand presence in the EU. The company has already begun
this process. It is in the process of purchasing the naming rights for a building in Germany,
which would come with a few offices that Who-R-U executives can use while traveling
internationally. The office doesn’t include any technology or infrastructure; rather, it’s simply
a room with a desk and some chairs.
On a recent trip concerning the naming-rights deal, Bob’s laptop is stolen. The laptop held
unencrypted DNA reports on 5,000 Who-R-U customers, all of whom are residents of
Canada. The reports include customer name, birthdate, ethnicity, racial background,
names of relatives, gender, and occasionally health information.
If Who-R-U adopts the We-Track-U pilot plan, why is it likely to be subject to the territorial
scope of the GDPR?
| | A. Its plan would be in the context of the establishment of a controller in the Union.
| | B. It would be offering goods or services to data subjects in the Union.
| | C. It is engaging in commercial activities conducted in the Union.
| | D. It is monitoring the behavior of data subjects in the Union. |
D. It is monitoring the behavior of data subjects in the Union.
IAPP CIPP-E Exam Dumps
5 out of 5
Pass Your Certified Information Privacy Professional/Europe (CIPP/E) Exam in First Attempt With CIPP-E Exam Dumps. Real Certified Information Privacy Professional Exam Questions As in Actual Exam!
— 206 Questions With Valid Answers
— Updation Date : 16-Dec-2024
— Free CIPP-E Updates for 90 Days
— 98% Certified Information Privacy Professional/Europe (CIPP/E) Exam Passing Rate
PDF Only Price 99.99$
19.99$
Buy PDF
Speciality
Additional Information
Testimonials
Related Exams
- Number 1 IAPP Certified Information Privacy Professional study material online
- Regular CIPP-E dumps updates for free.
- Certified Information Privacy Professional/Europe (CIPP/E) Practice exam questions with their answers and explaination.
- Our commitment to your success continues through your exam with 24/7 support.
- Free CIPP-E exam dumps updates for 90 days
- 97% more cost effective than traditional training
- Certified Information Privacy Professional/Europe (CIPP/E) Practice test to boost your knowledge
- 100% correct Certified Information Privacy Professional questions answers compiled by senior IT professionals
IAPP CIPP-E Braindumps
Realbraindumps.com is providing Certified Information Privacy Professional CIPP-E braindumps which are accurate and of high-quality verified by the team of experts. The IAPP CIPP-E dumps are comprised of Certified Information Privacy Professional/Europe (CIPP/E) questions answers available in printable PDF files and online practice test formats. Our best recommended and an economical package is Certified Information Privacy Professional PDF file + test engine discount package along with 3 months free updates of CIPP-E exam questions. We have compiled Certified Information Privacy Professional exam dumps question answers pdf file for you so that you can easily prepare for your exam. Our IAPP braindumps will help you in exam. Obtaining valuable professional IAPP Certified Information Privacy Professional certifications with CIPP-E exam questions answers will always be beneficial to IT professionals by enhancing their knowledge and boosting their career.
Yes, really its not as tougher as before. Websites like Realbraindumps.com are playing a significant role to make this possible in this competitive world to pass exams with help of Certified Information Privacy Professional CIPP-E dumps questions. We are here to encourage your ambition and helping you in all possible ways. Our excellent and incomparable IAPP Certified Information Privacy Professional/Europe (CIPP/E) exam questions answers study material will help you to get through your certification CIPP-E exam braindumps in the first attempt.
Pass Exam With IAPP Certified Information Privacy Professional Dumps. We at Realbraindumps are committed to provide you Certified Information Privacy Professional/Europe (CIPP/E) braindumps questions answers online. We recommend you to prepare from our study material and boost your knowledge. You can also get discount on our IAPP CIPP-E dumps. Just talk with our support representatives and ask for special discount on Certified Information Privacy Professional exam braindumps. We have latest CIPP-E exam dumps having all IAPP Certified Information Privacy Professional/Europe (CIPP/E) dumps questions written to the highest standards of technical accuracy and can be instantly downloaded and accessed by the candidates when once purchased. Practicing Online Certified Information Privacy Professional CIPP-E braindumps will help you to get wholly prepared and familiar with the real exam condition. Free Certified Information Privacy Professional exam braindumps demos are available for your satisfaction before purchase order.
Send us mail if you want to check IAPP CIPP-E Certified Information Privacy Professional/Europe (CIPP/E) DEMO before your purchase and our support team will send you in email.
If you don't find your dumps here then you can request what you need and we shall provide it to you.
Bulk Packages
$60
- Get 3 Exams PDF
- Get $33 Discount
- Mention Exam Codes in Payment Description.
Buy 3 Exams PDF
$90
- Get 5 Exams PDF
- Get $65 Discount
- Mention Exam Codes in Payment Description.
Buy 5 Exams PDF
$110
- Get 5 Exams PDF + Test Engine
- Get $105 Discount
- Mention Exam Codes in Payment Description.
Buy 5 Exams PDF + Engine
 Jessica Doe
Certified Information Privacy Professional
We are providing IAPP CIPP-E Braindumps with practice exam question answers. These will help you to prepare your Certified Information Privacy Professional/Europe (CIPP/E) exam. Buy Certified Information Privacy Professional CIPP-E dumps and boost your knowledge.
|
