Special Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65pass65

Good News !!! CIPP-E Certified Information Privacy Professional/Europe (CIPP/E) is now Stable and With Pass Result

CIPP-E Practice Exam Questions and Answers

Certified Information Privacy Professional/Europe (CIPP/E)

Last Update 1 month ago
Total Questions : 295

Certified Information Privacy Professional/Europe (CIPP/E) is stable now with all latest exam questions are added 1 month ago. Incorporating CIPP-E practice exam questions into your study plan is more than just a preparation strategy.

CIPP-E exam questions often include scenarios and problem-solving exercises that mirror real-world challenges. Working through CIPP-E dumps allows you to practice pacing yourself, ensuring that you can complete all Certified Information Privacy Professional/Europe (CIPP/E) practice test within the allotted time frame.

CIPP-E PDF

CIPP-E PDF (Printable)
$43.75
$124.99

CIPP-E Testing Engine

CIPP-E PDF (Printable)
$50.75
$144.99

CIPP-E PDF + Testing Engine

CIPP-E PDF (Printable)
$63.7
$181.99
Question # 1

Which of the following is NOT considered a fair processing practice in relation to the transparency principle?

Options:

A.  

Providing a multi-layered privacy notice, in a website environment.

B.  

Providing a QR code linking to more detailed privacy notice, in a CCTV sign.

C.  

Providing a hyperlink to the organization’s home page, in a hard copy application form.

D.  

Providing a “just-in-time” contextual pop-up privacy notice, in an online application from field.

Discussion 0
Question # 2

SCENARIO

Please use the following to answer the next question:

Jack worked as a Pharmacovigiliance Operations Specialist in the Irish office of a multinational pharmaceutical company on a clinical trial related to COVID-19. As part of his onboarding process Jack received privacy training He was explicitly informed that while he would need to process confidential patient data in the course of his work, he may under no circumstances use this data for anything other than the performance of work-related (asks This was also specified in the privacy policy, which Jack signed upon conclusion of the training.

After several months of employment, Jack got into an argument with a patient over the phone. Out of anger he later posted the patient's name and hearth information, along with disparaging comments, on a social media website. When this was discovered by his Pharmacovigilance supervisors. Jack was immediately dismissed

Jack's lawyer sent a letter to the company stating that dismissal was a disproportionate sanction, and that if Jack was not reinstated within 14 days his firm would have no alternative but to commence legal proceedings against the company. This letter was accompanied by a data access request from Jack requesting a copy of "all personal data, including internal emails that were sent/received by Jack or where Jack is directly or indirectly identifiable from the contents. In relation to the emails Jack listed six members of the management team whose inboxes the required access.

How should the company respond to Jack's request to be forgotten?

Options:

A.  

The company should not erase the data at this time as it may be required to defend a legal claim of unfair dismissal.

B.  

The company should erase all data relating to Jack without undue delay as the right to be forgotten is an absolute right.

C.  

The company should claim that the right to be forgotten is not applicable to them, as only a fraction of their global workforce resides in the European Union.

D.  

The company should ensure that the information is stored outside of the European Union so that the right to be forgotten under the GDPR does not apply.

Discussion 0
Question # 3

To receive a preliminary interpretation on provisions of the GDPR, a national court will refer its case to which of the following?

Options:

A.  

The Court of Justice of the European Union.

B.  

The European Data Protection Supervisor.

C.  

The European Court of Human Rights.

D.  

The European Data Protection Board.

Discussion 0
Question # 4

Which aspect of processing does the GDPR allow processors to determine for themselves?

Options:

A.  

The question of whether the controller needs to be informed about the substitution of another processor carrying out specific processing activities on behalf of the controller.

B.  

Their own purposes for the processing, if such purposes are compatible with those for which the personal data were initially collected.

C.  

The parameters of their marketing campaigns using personal data relating to the controller's customers.

D.  

Their own type of hardware or software and the specific security measures for the processing.

Discussion 0
Question # 5

What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?

Options:

A.  

ECHR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot.

B.  

CJEU can force national governments to implement and honor EU law, while the ECHR cannot.

C.  

CJEU can hear appeals on human rights decisions made by national courts, while the ECHR cannot.

D.  

ECHR can enforce human rights laws against governments that fail to implement them, while the CJEU cannot.

Discussion 0
Question # 6

Bioface is a company based in the United States. It has no servers, personnel or assets in the European Union. By collecting photographs from social media and other web-based services, such as newspapers and blogs, it uses machine learning to develop a facial recognition algorithm. The algorithm identifies individuals in photographs who are not in its data set based the algorithm and its existing data. The service collects photographs of data subjects in the European Union and will identify them if presented with their photographs. Bioface offers its service to government agencies and companies in the United States and Canada, but not to those in the European Union. Bioface does not offer the service to individuals.

Why is Bioface subject to the territorial scope of the General Data Protection Regulation?

Options:

A.  

It collects data from European Union websites, which constitutes an establishment in the European Union.

B.  

It offers services in the European Union by identifying data subjects in the European Union.

C.  

It collects data from subjects and uses it for automated processing.

D.  

It monitors the behavior of data subjects in the European Union.

Discussion 0
Question # 7

A news website based m (he United Slates reports primarily on North American events The website is accessible to any user regardless of location, as the website operator does not block connections from outside of the U.S. The website offers a pad subscription that requires the creation of a user account; this subscription can only be paid in U.S. dollars.

Which of the following explains why the website operator, who is the responsible for all processing related to account creation and subscriptions, is NOT required to comply with the GDPR?

Options:

A.  

Payments cannot be made in a European Union currency.

B.  

The controller does not have an establishment in the European Union.

C.  

The website is not available in several official languages of European Un on Member States

D.  

The website cannot block connections from outside the U.S. that use a Virtual Private Network (VPN) to simulate a US location.

Discussion 0
Question # 8

Under the Data Protection Law Enforcement Directive of the EU, a government can carry out covert investigations involving personal data, as long it is set forth by law and constitutes a measure that is both necessary and what?

Options:

A.  

Prudent.

B.  

Important.

C.  

Proportionate.

D.  

DPA-approved.

Discussion 0
Question # 9

SCENARIO

Please use the following to answer the next question:

Anna and Frank both work at Granchester University. Anna is a lawyer responsible for data protection, while Frank is a lecturer in the engineering department. The University maintains a number of types of records:

    Student records, including names, student numbers, home addresses, pre-university information, university attendance and performance records, details of special educational needs and financial information.

    Staff records, including autobiographical materials (such as curricula, professional contact files, student evaluations and other relevant teaching files).

    Alumni records, including birthplaces, years of birth, dates of matriculation and conferrals of degrees. These records are available to former students after registering through Granchester’s Alumni portal. Department for Education records, showing how certain demographic groups (such as first-generation students) could be expected, on average, to progress. These records do not contain names or identification numbers.

    Under their security policy, the University encrypts all of its personal data records in transit and at rest.

In order to improve his teaching, Frank wants to investigate how his engineering students perform in relational to Department for Education expectations. He has attended one of Anna’s data protection training courses and knows that he should use no more personal data than necessary to accomplish his goal. He creates a

program that will only export some student data: previous schools attended, grades originally obtained, grades currently obtained and first time university attended. He wants to keep the records at the individual student level. Mindful of Anna’s training, Frank runs the student numbers through an algorithm to transform them into different reference numbers. He uses the same algorithm on each occasion so that he can update each record over time.

One of Anna’s tasks is to complete the record of processing activities, as required by the GDPR. After receiving her email reminder, as required by the GDPR. After receiving her email reminder, Frank informs Anna about his performance database.

Ann explains to Frank that, as well as minimizing personal data, the University has to check that this new use

of existing data is permissible. She also suspects that, under the GDPR, a risk analysis may have to be carried out before the data processing can take place. Anna arranges to discuss this further with Frank after she has done some additional research.

Frank wants to be able to work on his analysis in his spare time, so he transfers it to his home laptop (which is not encrypted). Unfortunately, when Frank takes the laptop into the University he loses it on the train. Frank has to see Anna that day to discuss compatible processing. He knows that he needs to report security incidents, so he decides to tell Anna about his lost laptop at the same time.

Before Anna determines whether Frank’s performance database is permissible, what additional information does she need?

Options:

A.  

More information about Frank’s data protection training.

B.  

More information about the extent of the information loss.

C.  

More information about the algorithm Frank used to mask student numbers.

D.  

More information about what students have been told and how the research will be used.

Discussion 0
Question # 10

Article 9 of the GDPR lists exceptions to the general prohibition against processing biometric data. Which of the following is NOT one of these exceptions?

Options:

A.  

The processing is done by a non-profit organization and the results are disclosed outside the organization.

B.  

The processing is necessary to protect the vital interests of the data subject when he or she is incapable of giving consent.

C.  

The processing is necessary for the establishment, exercise or defense of legal claims when courts are acting in a judicial capacity.

D.  

The processing is explicitly consented to by the data subject and he or she is allowed by Union or Member State law to lift the prohibition.

Discussion 0
Get CIPP-E dumps and pass your exam in 24 hours!

Free Exams Sample Questions