CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. IAPP
  5. CIPP-E

Free CIPP-E Exam Braindumps (page: 9)

Page 9 of 68
PDF with 295 Questions

With the issue of consent, the GDPR allows member states some choice regarding what?

  1. The mechanisms through which consent may be communicated
  2. The circumstances in which silence or inactivity may constitute consent
  3. The age at which children must be required to obtain parental consent
  4. The timeframe in which data subjects are allowed to withdraw their consent

Answer(s): C

Explanation:

The GDPR states that the parental consent mechanism generally applies when the child is younger than 16 years. Processing personal data will be lawful only if the child's parent or custodian has consented to such processing. However, Member States are allowed to lower this threshold in national legislation up to 13 years old. This means that Member States have some choice regarding the age limit for children's consent, as long as it is not below 13 years. The GDPR also requires that the consent request is clear and understandable for the child, and that the controller makes reasonable efforts to verify that the consent is given or authorised by the holder of parental responsibility.


Reference:

CIPP/E Certification - International Association of Privacy Professionals, Free CIPP/E Study Guide - International Association of Privacy Professionals, GDPR - EUR-Lex, Complying with the GDPR when vulnerable people use smart devices I hope this helps. If you have any other questions, please let me know. .


https://gdpr-info.eu/issues/consent/



Which sentence BEST summarizes the concepts of "fairness," "lawfulness" and "transparency", as expressly required by Article 5 of the GDPR?

  1. Fairness and transparency refer to the communication of key information before collecting data; lawfulness refers to compliance with government regulations.
  2. Fairness refers to limiting the amount of data collected from individuals; lawfulness refers to the approval of company guidelines by the state; transparency solely relates to communication of key information before collecting data.
  3. Fairness refers to the security of personal data; lawfulness and transparency refers to the analysis of ordinances to ensure they are uniformly enforced.
  4. Fairness refers to the collection of data from diverse subjects; lawfulness refers to the need for legal rules to be uniform; transparency refers to giving individuals access to their data.

Answer(s): A

Explanation:

According to the UK GDPR, the processing of personal data must be lawful, fair and transparent. Lawfulness means that there must be a valid legal basis for processing personal data, such as consent, contract, legal obligation, vital interests, public task or legitimate interests. Fairness means that the processing must not be detrimental, unexpected or misleading to the individuals concerned. Transparency means that the individuals must be informed about how their data is used, who it is shared with, what rights they have and how they can exercise them. Therefore, the sentence that best summarizes these concepts is option A, which states that fairness and transparency refer to the communication of key information before collecting data; lawfulness refers to compliance with government regulations.


Reference:

1 https://ico.org.uk/for- organisations-2/guide-to-data-protection/guide-to-the-general-data-protection-regulation- gdpr/principles/lawfulness-fairness-and-transparency/



Article 5(1)(b) of the GDPR states that personal data must be "collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes." Based on Article 5(1)(b),

what is the impact of a member state's interpretation of the word "incompatible"?

  1. It dictates the level of security a processor must follow when using and storing personal data for two different purposes.
  2. It guides the courts on the severity of the consequences for those who are convicted of the intentional misuse of personal data.
  3. It sets the standard for the level of detail a controller must record when documenting the purpose for collecting personal data.
  4. It indicates the degree of flexibility a controller has in using personal data in ways that may vary from its original intended purpose.

Answer(s): D

Explanation:

The purpose limitation principle requires that personal data be collected for specified, explicit and legitimate purposes and not be further processed in a manner that is incompatible with those purposes. However, the GDPR does not provide a clear definition of what constitutes an incompatible purpose. Instead, it leaves room for interpretation by the member states, taking into account the context and circumstances of the processing. This means that the degree of flexibility a controller has in using personal data for a new purpose may vary depending on the member state's law and guidance. Some factors that may affect the compatibility assessment include the link between the original and the new purpose, the expectations of the data subject, the nature of the data, the impact of the further processing, and the safeguards applied by the controller.


Reference:

GDPR Article 5(1)(b), which states the purpose limitation principle. GDPR Article 6(4), which lists the criteria for assessing the compatibility of a new purpose. ICO guidance, which explains the purpose limitation principle and provides examples of compatible and incompatible purposes.
[EDPB guidelines], which provide further guidance on the application of the purpose limitation principle.



Tanya is the Data Protection Officer for Curtains Inc., a GDPR data controller. She has recommended that the company encrypt all personal data at rest.
Which GDPR principle is she following?

  1. Accuracy
  2. Storage Limitation
  3. Integrity and confidentiality
  4. Lawfulness, fairness and transparency

Answer(s): C

Explanation:

The GDPR requires that personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. This principle is known as integrity and confidentiality, or sometimes as security. Encryption is one of the possible technical measures that can be used to protect personal data at rest, as it makes the data unintelligible to anyone who does not have the key to decrypt it. By recommending that the company encrypts all personal data at rest, Tanya is following the principle of integrity and confidentiality, as she is ensuring that the personal data is secure and protected from unauthorised access or accidental damage.


Reference:

1: Article 5(1)(f) of the GDPR 2: A guide to the data protection principles | ICO 3: Encryption | ICO


https://www.icaew.com/technical/technology/data/data-protection/data-protection- articles/do-i- have-to-encrypt-personal-data-to-comply-with-dpa-2018






Post your Comments and Discuss IAPP CIPP-E exam with other Community members:

CIPP-E Exam Discussions & Posts