Question # 1 Assuming that the “without undue delay” provision is followed, what is the time limit for complying with a data access request?
A. Within 40 days of receipt
B. Within 40 days of receipt, which may be extended by up to 40 additional days
C. Within one month of receipt, which may be extended by up to an additional month
D. Within one month of receipt, which may be extended by an additional two months
Click for Answer
C. Within one month of receipt, which may be extended by up to an additional month
Answer Description Reference: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-thegeneral- data-protection- regulation-gdpr/individual-rights/right-of-access/
Question # 2 An organization conducts body temperature checks as a part of COVID-19 monitoring. Body temperature is measured manually and is not followed by registration, documentation or other processing of an individual’s personal data. Which of the following best explain why this practice would NOT be subject to the GDPR?
A. Bdy temperature is not considered personal data.
B. The practice does not involve completion by automated means.
C. Body temperature is considered pseudonymous data.
D. The practice is for the purpose of alleviating extreme risks to public health
Click for Answer
B. The practice does not involve completion by automated means.
Question # 3 Please use the following to answer the next question: TripBliss Inc. is a travel service company which has lost substantial revenue over the last few years. Their new manager, Oliver, suspects that this is partly due to the company’s outdated website. After doing some research, he meets with a sales representative from the up-and-coming IT company Techiva, hoping that they can design a new, cutting-edge website for TripBliss Inc.’s foundering business. During negotiations, a Techiva representative describes a plan for gathering more customer information through detailed Questionaires, which could be used to tailor their preferences to specific travel destinations. TripBliss Inc. can choose any number of data categories – age, income, ethnicity – that would help them best accomplish their goals. Oliver loves this idea, but would also like to have some way of gauging how successful this approach is, especially since the Questionaires will require customers to provide explicit consent to having their data collected. The Techiva representative suggests that they also run a program to analyze the new website’s traffic, in order to get a better understanding of how customers are using it. He explains his plan to place a number of cookies on customer devices. The cookies will allow the company to collect IP addresses and other information, such as the sites from which the customers came, how much time they spend on the TripBliss Inc. website, and which pages on the site they visit. All of this information will be compiled in log files, which Techiva will analyze by means of a special program. TripBliss Inc. would receive aggregate statistics to help them evaluate the website’s effectiveness. Oliver enthusiastically engages Techiva for these services. Techiva assigns the analytics portion of the project to longtime account manager Leon Santos. As is standard practice, Leon is given administrator rights to TripBliss Inc.’s website, and can authorize access to the log files gathered from it. Unfortunately forTripBliss Inc., however, Leon is taking on this new project at a time when his dissatisfaction with Techiva is at a high point. In order to take revenge for what he feels has been unfair treatment at the hands of the company, Leon asks his friend Fred, a hobby hacker, for help. Together they come up with the following plan: Fred will hack into Techiva’s system and copy their log files onto a USB stick. Despite his initial intention to send the USB to the press and to the data protection authority in order to denounce Techiva, Leon experiences a crisis of conscience and ends up reconsidering his plan. He decides instead to securely wipe all the data from the USB stick and inform his manager that the company’s system of access control must be reconsidered. With regard to TripBliss Inc.’s use of website cookies, which of the following statements is correct?
A. Because not all of the cookies are strictly necessary to enable the use of a service requested from TripBliss Inc., consent requirements apply to their use of cookies.
B. Because of the categories of data involved, explicit consent for the use of cookies must be obtained separately from customers.
C. Because Techiva will receive only aggregate statistics of data collected from the cookies, no additional consent is necessary.
D. Because the use of cookies involves the potential for location tracking, explicit consent must be obtained from customers.
Click for Answer
B. Because of the categories of data involved, explicit consent for the use of cookies must be obtained separately from customers.
Question # 4 Which institution has the power to adopt findings that confirm the adequacy of the data protection level in a non-EU country?
A. The European Parliament
B. The European Commission
C. The Article 29 Working Party
D. The European Council
Click for Answer
B. The European Commission
Answer Description Reference: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimensiondata- protection/ adequacy-decisions_en
Question # 5 Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees are located there. The company offers its services to Canadians only: Its website is in English and French, it accepts only Canadian currency, and it blocks internet traffic from outside of Canada (although this solution doesn’t prevent all non-Canadian traffic). It also declines to process orders that request the DNA report to be sent outside of Canada, and returns orders that show a non-Canadian return address. Bob, the President of Who-R-U, thinks there is a lot of interest for the product in the EU, and the company is exploring a number of plans to expand its customer base. The first plan, collegially called We-Track-U, will use an app to collect information about its current Canadian customer base. The expansion will allow its Canadian customers to use the app while traveling abroad. He suggests that the company use this app to gather location information. If the plan shows promise, Bob proposes to use push notifications and text messages to encourage existing customers to pre-register for an EU version of the service. Bob calls this work plan, We- Text-U. Once the company has gathered enough pre- registrations, it will develop EUspecific content and services. Another plan is called Customer for Life. The idea is to offer additional services through the company’s app, like storage and sharing of DNA information with other applications and medical providers. The company’s contract says that it can keep customer DNA indefinitely, and use it to offer new services and market them to customers. It also says that customers agree not to withdraw direct marketing consent. Paul, the marketing director, suggests that the company should fully exploit these provisions, and that it can work around customers’ attempts to withdraw consent because the contract invalidates them. The final plan is to develop a brand presence in the EU. The company has already begun this process. It is in the process of purchasing the naming rights for a building in Germany, which would come with a few offices that Who-R-U executives can use while traveling internationally. The office doesn’t include any technology or infrastructure; rather, it’s simply a room with a desk and some chairs. On a recent trip concerning the naming-rights deal, Bob’s laptop is stolen. The laptop held unencrypted DNA reports on 5,000 Who-R-U customers, all of whom are residents of Canada. The reports include customer name, birthdate, ethnicity, racial background, names of relatives, gender, and occasionally health information. If Who-R-U adopts the We-Track-U pilot plan, why is it likely to be subject to the territorial scope of the GDPR?
A. Its plan would be in the context of the establishment of a controller in the Union.
B. It would be offering goods or services to data subjects in the Union.
C. It is engaging in commercial activities conducted in the Union.
D. It is monitoring the behavior of data subjects in the Union.
Click for Answer
D. It is monitoring the behavior of data subjects in the Union.
Question # 6 Under the GDPR, who would be LEAST likely to be allowed to engage in the collection, use, and disclosure of a data subject’s sensitive medical information without the data subject’s knowledge or consent?
A. A member of the judiciary involved in adjudicating a legal dispute involving the data subject and concerning the health of the data subject.
B. A public authority responsible for public health, where the sharing of such information is considered necessary for the protection of the general populace.
C. A health professional involved in the medical care for the data subject, where the data subject’s life hinges on the timely dissemination of such information.
D. A journalist writing an article relating to the medical condition in QUESTION, who believes that the publication of such information is in the public interest.
Click for Answer
B. A public authority responsible for public health, where the sharing of such information is considered necessary for the protection of the general populace.
Answer Description Reference: https://www.eui.eu/Documents/ServicesAdmin/DeanOfStudies/ResearchEthics/Guide- Data- Protection-Research.pdf
Question # 7 Please use the following to answer the next question: ABC Hotel Chain and XYZ Travel Agency are U.S.-based multinational companies. They use an internet-based common platform for collecting and sharing their customer data with each other, in order to integrate their marketing efforts. Additionally, they agree on the data to be stored, how reservations will be booked and confirmed, and who has access to the stored data. Mike, an EU resident, has booked travel itineraries in the past through XYZ Travel Agency to stay at ABC Hotel Chain’s locations. XYZ Travel Agency offers a rewards program that allows customers to sign up to accumulate points that can later be redeemed for free travel. Mike has signed the agreement to be a rewards program member. Now Mike wants to know what personal information the company holds about him. He sends an email requesting access to his data, in order to exercise what he believes are his data subject rights. What is the time period in which Mike should receive a response to his request?
A. Not more than one month of receipt of Mike’s request.
B. Not more than two months after verifying Mike’s identity.
C. When all the information about Mike has been collected.
D. Not more than thirty days after submission of Mike’s request.
Click for Answer
D. Not more than thirty days after submission of Mike’s request.
Question # 8 Which change was introduced by the 2009 amendments to the e-Privacy Directive 2002/58/EC?
A. A voluntary notification for personal data breaches applicable to all data controllers.
B. A voluntary notification for personal data breaches applicable to electronic communication providers.
C. A mandatory notification for personal data breaches applicable to all data controllers
D. A mandatory notification for personal data breaches applicable to electronic communication providers
Click for Answer
D. A mandatory notification for personal data breaches applicable to electronic communication providers
Answer Description Reference: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32009L0136
Up-to-Date
We always provide up-to-date CIPP-E exam dumps to our clients. Keep checking website for updates and download.
Excellence
Quality and excellence of our Certified Information Privacy Professional/Europe (CIPP/E) practice questions are above customers expectations. Contact live chat to know more.
Success
Your SUCCESS is assured with the CIPP-E exam questions of passin1day.com. Just Buy, Prepare and PASS!
Quality
All our braindumps are verified with their correct answers. Download Certified Information Privacy Professional Practice tests in a printable PDF format.
Basic
$80
Any 3 Exams of Your Choice
3 Exams PDF + Online Test Engine
Buy Now
Premium
$100
Any 4 Exams of Your Choice
4 Exams PDF + Online Test Engine
Buy Now
Gold
$125
Any 5 Exams of Your Choice
5 Exams PDF + Online Test Engine
Buy Now
Passin1Day has a big success story in last 12 years with a long list of satisfied customers.
We are UK based company, selling CIPP-E practice test questions answers. We have a team of 34 people in Research, Writing, QA, Sales, Support and Marketing departments and helping people get success in their life.
We dont have a single unsatisfied IAPP customer in this time. Our customers are our asset and precious to us more than their money.
CIPP-E Dumps
We have recently updated IAPP CIPP-E dumps study guide. You can use our Certified Information Privacy Professional braindumps and pass your exam in just 24 hours. Our Certified Information Privacy Professional/Europe (CIPP/E) real exam contains latest questions. We are providing IAPP CIPP-E dumps with updates for 3 months. You can purchase in advance and start studying. Whenever IAPP update Certified Information Privacy Professional/Europe (CIPP/E) exam, we also update our file with new questions. Passin1day is here to provide real CIPP-E exam questions to people who find it difficult to pass exam
Certified Information Privacy Professional can advance your marketability and prove to be a key to differentiating you from those who have no certification and Passin1day is there to help you pass exam with CIPP-E dumps. IAPP Certifications demonstrate your competence and make your discerning employers recognize that Certified Information Privacy Professional/Europe (CIPP/E) certified employees are more valuable to their organizations and customers. We have helped thousands of customers so far in achieving their goals. Our excellent comprehensive IAPP exam dumps will enable you to pass your certification Certified Information Privacy Professional exam in just a single try. Passin1day is offering CIPP-E braindumps which are accurate and of high-quality verified by the IT professionals. Candidates can instantly download Certified Information Privacy Professional dumps and access them at any device after purchase. Online Certified Information Privacy Professional/Europe (CIPP/E) practice tests are planned and designed to prepare you completely for the real IAPP exam condition. Free CIPP-E dumps demos can be available on customer’s demand to check before placing an order.
What Our Customers Say
Jeff Brown
Thanks you so much passin1day.com team for all the help that you have provided me in my IAPP exam. I will use your dumps for next certification as well.
Mareena Frederick
You guys are awesome. Even 1 day is too much. I prepared my exam in just 3 hours with your CIPP-E exam dumps and passed it in first attempt :)
Ralph Donald
I am the fully satisfied customer of passin1day.com. I have passed my exam using your Certified Information Privacy Professional/Europe (CIPP/E) braindumps in first attempt. You guys are the secret behind my success ;)
Lilly Solomon
I was so depressed when I get failed in my Cisco exam but thanks GOD you guys exist and helped me in passing my exams. I am nothing without you.