CIPP-E V3

In which case would a controller who has undertaken a DPIA most likely need to consult with a supervisory authority? A. Where the DPIA identifies that personal data needs to be transferred to other countries outside of the EEA. B. Where the DPIA identifies high risks to individuals’ rights and...

According to the GDPR, how is pseudonymous personal data defined?A . Data that can no longer be attributed to a specific data subject without the use of additional information kept separately.B . Data that can no longer be attributed to a specific data subject, with no possibility of re-identifying the...

In the Planet 49 case, what was the man judgement of the Coon of Justice of the European Union (CJEU) regarding the issue of cookies?A . If the cookies do not track personal data, then pre-checked boxes are acceptable.B . If the ePrivacy Directive requires consent for cookies, then the...

SCENARIO Please use the following to answer the next question: Jack worked as a Pharmacovigiliance Operations Specialist in the Irish office of a multinational pharmaceutical company on a clinical trial related to COVID-19. As part of his onboarding process Jack received privacy training He was explicitly informed that while he...

SCENARIO Please use the following to answer the next question: Zandelay Fashion (‘Zandelay’) is a successful international online clothing retailer that employs approximately 650 people at its headquarters based in Dublin, Ireland. Martin is their recently appointed data protection officer, who oversees the company’s compliance with the General Data Protection...

SCENARIO Please use the following to answer the next question: Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees are located there. The company offers its services to Canadians only: Its website is...

Company X has entrusted the processing of their payroll data to Provider Y. Provider Y stores this encrypted data on its server. The IT department of Provider Y finds out that someone managed to hack into the system and take a copy of the data from its server. In this...

Which of the following would MOST likely trigger the extraterritorial effect of the GDPR, as specified by Article 3?A . The behavior of suspected terrorists being monitored by EU law enforcement bodies.B . Personal data of EU citizens being processed by a controller or processor based outside the EU.C ....

What is the MAIN reason GDPR Article 4(22) establishes the concept of the “concerned supervisory authority”?A . To encourage the consistency of local data processing activity.B . To give corporations a choice about who their supervisory authority will be.C . To ensure the GDPR covers controllers that do not have...

What obligation does a data controller or processor have after appointing a data protection officer?A . To ensure that the data protection officer receives sufficient instructions regarding the exercise of his or her defined tasks.B . To provide resources necessary to carry out the defined tasks of the data protection...