CDPSE exam

Which key stakeholder within an organization should be responsible for approving the outcomes of a privacy impact assessment (PIA)?A . Data custodianB . Privacy data analystC . Data processorD . Data ownerView AnswerAnswer: D Explanation: Reference: https://ico.org.uk/media/1042196/trilateral-full-report.pdf The data owner is the key stakeholder within an organization who should be...

Which of the following is the BEST way to protect personal data in the custody of a third party?A . Have corporate counsel monitor privacy compliance.B . Require the third party to provide periodic documentation of its privacy management program.C . Include requirements to comply with the organization’s privacy policies...

When configuring information systems for the communication and transport of personal data, an organization should:A . adopt the default vendor specifications.B . review configuration settings for compliance.C . implement the least restrictive mode.D . enable essential capabilities only.View AnswerAnswer: B Explanation: Reference: https://www.vonage.com/resources/articles/gdpr-means-customer-communications/ When configuring information systems for the communication...

Which of the following BEST supports an organization’s efforts to create and maintain desired privacy protection practices among employees?A . Skills training programsB . Awareness campaignsC . Performance evaluationsD . Code of conduct principlesView AnswerAnswer: B Explanation: Awareness campaigns are initiatives that aim to educate and inform employees about the...

Which of the following is MOST likely to present a valid use case for keeping a customer’s personal data after contract termination?A . For the purpose of medical researchB . A forthcoming campaign to win back customersC . A required retention period due to regulationsD . Ease of onboarding when...

Data collected by a third-party vendor and provided back to the organization may not be protected according to the organization’s privacy notice. Which of the following is the BEST way to address this concern?A . Review the privacy policy.B . Obtain independent assurance of current practices.C . Re-assess the information...

Which of the following system architectures BEST supports anonymity for data transmission?A . Client-serverB . Plug-in-basedC . Front-endD . Peer-to-peerView AnswerAnswer: D Explanation: A peer-to-peer (P2P) system architecture is a network model where each node (peer) can act as both a client and a server, and communicate directly with other...

Which of the following is MOST important when developing an organizational data privacy program?A . Obtaining approval from process ownersB . Profiling current data useC . Following an established privacy frameworkD . Performing an inventory of all dataView AnswerAnswer: C Explanation: Following an established privacy framework is the most important...

Within a business continuity plan (BCP), which of the following is the MOST important consideration to ensure the ability to restore availability and access to personal data in the event of a data privacy incident?A . Offline backup availabilityB . Recovery time objective (RTO)C . Recovery point objective (RPO)D ....

An online business posts its customer data protection notice that includes a statement indicating information is collected on how products are used, the content viewed, and the time and duration of online activities. Which data protection principle is applied?A . Data integrity and confidentialityB . System use requirementsC . Data...