CIPM V1

Which of the following is TRUE about the Data Protection Impact Assessment (DPIA) process as required under the General Data Protection Regulation (GDPR)?A . The DPIA result must be reported to the corresponding supervisory authority. B. The DPIA report must be published to demonstrate the transparency of the data processing....

SCENARIO Please use the following to answer the next QUESTION: As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your accomplishments so far. Your hiring was precipitated by warnings from regulatory agencies following a series of relatively minor data breaches that could easily have...

Which of the following privacy frameworks are legally binding?A . Binding Corporate Rules (BCRs). B. Generally Accepted Privacy Principles (GAPP). C. Asia-Pacific Economic Cooperation (APEC) Privacy Framework. D. Organization for Economic Co-Operation and Development (OECD) Guidelines.View AnswerAnswer: A

SCENARIO Please use the following to answer the next QUESTION: Martin Briseño is the director of human resources at the Canyon City location of the U.S. hotel chain Pacific Suites. In 1998, Briseño decided to change the hotel’s on-the-job mentoring model to a standardized training program for employees who were...

What is a key feature of the privacy metric template adapted from the National Institute of Standards and Technology (NIST)?A . It provides suggestions about how to collect and measure data. B. It can be tailored to an organization's particular needs. C. It is updated annually to reflect changes in...

Which of the following is TRUE about a PIA (Privacy Impact Analysis)?A . Any project that involves the use of personal data requires a PIA B. A Data Protection Impact Analysis (DPIA) process includes a PIA C. The PIA must be conducted at the early stages of the project lifecycle...

Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?A . An obligation on the processor to report any personal data breach to the controller within 72 hours. B. An obligation...

SCENARIO Please use the following to answer the next QUESTION: Perhaps Jack Kelly should have stayed in the U.S. He enjoys a formidable reputation inside the company, Special Handling Shipping, for his work in reforming certain "rogue" offices. Last year, news broke that a police sting operation had revealed a...

SCENARIO Please use the following to answer the next QUESTION: Your organization, the Chicago (U.S.)-based Society for Urban Greenspace, has used the same vendor to operate all aspects of an online store for several years. As a small nonprofit, the Society cannot afford the higher-priced options, but you have been...

SCENARIO Please use the following to answer the next QUESTION: As they company’s new chief executive officer, Thomas Goddard wants to be known as a leader in data protection. Goddard recently served as the chief financial officer of Hoopy.com, a pioneer in online video viewing with millions of users around...