IAPP CIPP-E Exam Practice Questions (P. 3)
- Full Access (295 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #11
Which aspect of the GDPR will likely have the most impact on the consistent implementation of data protection laws throughout the European Union?
- AThat it essentially functions as a one-stop shop mechanismMost Voted
- BThat it takes the form of a Regulation as opposed to a Directive
- CThat it makes notification of large-scale data breaches mandatory
- DThat it makes appointment of a data protection officer mandatory
Correct Answer:
D
D
send
light_mode
delete
Question #12
How is the retention of communications traffic data for law enforcement purposes addressed by European data protection law?
- AThe ePrivacy Directive allows individual EU member states to engage in such data retention.
- BThe ePrivacy Directive harmonizes EU member states’ rules concerning such data retention.Most Voted
- CThe Data Retention Directive’s annulment makes such data retention now permissible.
- DThe GDPR allows the retention of such data for the prevention, investigation, detection or prosecution of criminal offences only.
Correct Answer:
D
D
send
light_mode
delete
Question #13
What type of data lies beyond the scope of the General Data Protection Regulation?
send
light_mode
delete
Question #14
Under what circumstances would the GDPR apply to personal data that exists in physical form, such as information contained in notebooks or hard copy files?
- AOnly where the personal data is produced as a physical output of specific automated processing activities, such as printing, labelling, or stamping.
- BOnly where the personal data is to be subjected to specific computerized processing, such as image scanning or optical character recognition.
- COnly where the personal data is treated by automated means in some way, such as computerized distribution or filing.
- DOnly where the personal data is handled in a sufficiently structured manner so as to form part of a filing system.Most Voted
Correct Answer:
D
D
send
light_mode
delete
Question #15
SCENARIO -
Please use the following to answer the next question:
You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular toy stores throughout Europe, the United States and Asia. A large portion of the company’s revenue is due to international sales.
The company now wishes to launch a new range of connected toys, ones that can talk and interact with children. The CEO of the company is touting these toys as the next big thing, due to the increased possibilities offered: The figures can answer children’s questions on various subjects, such as mathematical calculations or the weather. Each figure is equipped with a microphone and speaker and can connect to any smartphone or tablet via Bluetooth. Any mobile device within a 10-meter radius can connect to the toys via Bluetooth as well. The figures can also be associated with other figures (from the same manufacturer) and interact with each other for an enhanced play experience.
When a child asks the toy a question, the request is sent to the cloud for analysis, and the answer is generated on cloud servers and sent back to the figure. The answer is given through the figure’s integrated speakers, making it appear as though that the toy is actually responding to the child’s question. The packaging of the toy does not provide technical details on how this works, nor does it mention that this feature requires an internet connection. The necessary data processing for this has been outsourced to a data center located in South Africa. However, your company has not yet revised its consumer-facing privacy policy to indicate this.
In parallel, the company is planning to introduce a new range of game systems through which consumers can play the characters they acquire in the course of playing the game. The system will come bundled with a portal that includes a Near-Field Communications (NFC) reader. This device will read an RFID tag in the action figure, making the figure come to life onscreen. Each character has its own stock features and abilities, but it is also possible to earn additional ones by accomplishing game goals. The only information stored in the tag relates to the figures’ abilities. It is easy to switch characters during the game, and it is possible to bring the figure to locations outside of the home and have the character’s abilities remain intact.
Why is this company obligated to comply with the GDPR?
Please use the following to answer the next question:
You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular toy stores throughout Europe, the United States and Asia. A large portion of the company’s revenue is due to international sales.
The company now wishes to launch a new range of connected toys, ones that can talk and interact with children. The CEO of the company is touting these toys as the next big thing, due to the increased possibilities offered: The figures can answer children’s questions on various subjects, such as mathematical calculations or the weather. Each figure is equipped with a microphone and speaker and can connect to any smartphone or tablet via Bluetooth. Any mobile device within a 10-meter radius can connect to the toys via Bluetooth as well. The figures can also be associated with other figures (from the same manufacturer) and interact with each other for an enhanced play experience.
When a child asks the toy a question, the request is sent to the cloud for analysis, and the answer is generated on cloud servers and sent back to the figure. The answer is given through the figure’s integrated speakers, making it appear as though that the toy is actually responding to the child’s question. The packaging of the toy does not provide technical details on how this works, nor does it mention that this feature requires an internet connection. The necessary data processing for this has been outsourced to a data center located in South Africa. However, your company has not yet revised its consumer-facing privacy policy to indicate this.
In parallel, the company is planning to introduce a new range of game systems through which consumers can play the characters they acquire in the course of playing the game. The system will come bundled with a portal that includes a Near-Field Communications (NFC) reader. This device will read an RFID tag in the action figure, making the figure come to life onscreen. Each character has its own stock features and abilities, but it is also possible to earn additional ones by accomplishing game goals. The only information stored in the tag relates to the figures’ abilities. It is easy to switch characters during the game, and it is possible to bring the figure to locations outside of the home and have the character’s abilities remain intact.
Why is this company obligated to comply with the GDPR?
- AThe company has offices in the EU.
- BThe company employs staff in the EU.
- CThe company’s data center is located in a country outside the EU.
- DThe company’s products are marketed directly to EU customers.
Correct Answer:
D
D
send
light_mode
delete
All Pages