CIPP/E ONLINE PRACTICE EXAM 2025 | ALL QUESTIONS AND CORRECT ANSWERS | VERIFIED ANSWERS, Exams of Database Management Systems (DBMS)

Typology: Exams

2024/2025

Available from 07/03/2025

rex-smith-1

What is a DPO? ---------CORRECT ANSWER----------------- A staff member or contractor appointed by the controller or processor to ensure and demonstrate compliance with data protection law.

When is a DPO required? ---------CORRECT ANSWER-----------------

  • The controller is a public authority
  • Core activities include regular and systematic monitoring on a large scale
  • Core activities consist of large-scale processing of special categories

What are a DPO's tasks and responsibilities? ---------CORRECT ANSWER-----------------

  • Report to the highest management (but the management may not instruct/curtail their actions)
  • Ensure compliance
  • Advise the controller, processor, and employees
  • Manage risk
  • Be a point of contact with supervisory authority
  • Communicate with data subjects
  • Provide advice on and monitor DPIAs
  • Exercise professional secrecy

What are the controller and processor obligations with respect to the DPO? ---------CORRECT ANSWER-----------------

  • Communicate and involve the DPO in data protection issues
  • Provide resources
  • Provide access
  • Help DPO maintain knowledge
  • Ensure DPO acts independently and only receives instructions from the supervisory authority
  • Ensure the DPO is not dismissed or penalized for performing his or her tasks
  • Ensure the DPO has no conflicts of interest
  • Ensure the DPO reports to the highest management

What are a controller's obligations with regards to cross-border transfers? ---------CORRECT ANSWER-----------------

(1) have a legal basis to process the data
(2) inform data subjects about:
  • Existence or absence of adequacy decision
  • Intent to transfer data internationally
  • Safeguards being used to protect the data

  • Faeroe Islands
  • Guernsey
  • Israel
  • Isle of Man
  • Jersey
  • New Zealand
  • Switzerland
  • United States (data protected by the EU-US Privacy Shield)
  • Uruguay

What is the EU-US Privacy Shield? ---------CORRECT ANSWER----------------- Framework designed by the US Dept of Commerce, European Commission, and Swiss government to provide companies with a mechanism for complying with EU data protection requirements when transferring data from the EU to the US.

  • Voluntary, self-certification program
  • To qualify, must fall under the authority of the FTC or other US agency
  • Once you certify, you are subject to oversight/enforcement of the FTC
  • Intended to assure adequate protection of personal data of data subjects in the EU

What are the requirements to be a member of the EU-US Privacy Shield? ---------CORRECT ANSWER-----------------

  • Commit to the US Department of Commerce to adhere to the "Privacy Shield Principles"
  • Publicize that commitment
  • Publicly disclose the organization's privacy policy
  • Implement the "Principles"
  • Annually renew the certification

What are the "Privacy Shield Principles"? ---------CORRECT ANSWER-----------------

  • Notice
  • Choice
  • Accountability for onward transfers (to countries outside the European Economic Area) and vendor agreements
  • Security
  • Data integrity and purpose limitation
  • Access
  • Recourse, enforcement, and liability

What is the recourse for noncompliance with the EU-US Privacy Shield? ---------CORRECT ANSWER-----------------

1st step: internal complaint-handling process
2nd step: independent dispute resolution
3rd step: Department of Commerce or FTC intervention

  • These are rules for intra-organizational transfers, not transfers to third parties

What is the most commonly used "appropriate safeguard" for cross-border transfers? ---------CORRECT ANSWER----------------- Standard contractual clauses (SCCs) a.k.a. "model clauses"

What are standard contractual clauses (SCCs)? ---------CORRECT ANSWER----------------- A company in the EEA that wants to send data to a company outside the EEA may use the appropriate standard contractual clauses adopted by the European Commission to send data to a company outside the EEA. Unlike BCRs, which are used within a company, SCCs are used between companies.

What are the advantages of standard contractual clauses? ---------CORRECT ANSWER-----------------

  • Cost-effective
  • Straightforward
  • Quick to implement
  • Automatic recognition by DPAs

If a pan-European company wishes to create ad hoc contractual clauses in an effort to create appropriate safeguards what must they do to meet GDPR regulatory requirements? ---------CORRECT ANSWER----------------- Get the ad hoc contractual clauses approved by the supervisory authority

What is a derogation? ---------CORRECT ANSWER----------------- An exemption (granted under very limited circumstances) from the prohibition on transferring personal data outside the EEA.

Under what circumstances might derogation be granted? ---------CORRECT ANSWER-----------------

  • Explicit consent
  • Where necessary for performance of a contract with the data subject (i.e., data subject wants to book a hotel in a foreign country)
  • Public interest
  • Establishment, exercise, or defense of legal claims
  • Protection of vital interests of the data subject or other persons
  • Transfer from a register of public information
  • Legitimate interests of the controller

What are the six purposes of a supervisory authority? ---------CORRECT ANSWER-----------------

  • Promote, monitor, enforce the GDPR
  • Promote awareness
  • Conduct investigations
  • Protect fundamental human rights
  • Draw up annual reports
  • Facilitate free flow of personal data within the EU

In what ways is the GDPR different from the Data Protection Directive? ---------CORRECT ANSWER----------------- The GDPR:

  • is directly applicable and enforceable as law
  • provides one set of data protection rules for all
  • allows member states a degree of tailoring
  • forms the European Data Protection Board (EDPB)

What are the special categories of personal data? ---------CORRECT ANSWER-----------------

  • racial origin
  • ethnic origin
  • political opinions
  • religious beliefs
  • philosophical beliefs
  • trade-union membership
  • genetic data
  • biometric data
  • health data
  • sex life
  • sexual orientation

(criminal convictions and offences can only be processed by authorities with safeguards)

What is a supervisory authority? ---------CORRECT ANSWER----------------- A Data Protection Authority (DPA) - an entity appointed to enforce privacy or data protection laws and regulation in a particular jurisdiction.

What is the definition of data processing? ---------CORRECT ANSWER----------------- Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.

What are the GDPR data processing principles? ---------CORRECT ANSWER-----------------

  • Lawfulness, fairness, and transparency of processing
  • Purpose limitation
  • Data minimization and proportionality
  • Data quality and accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

What are the two types of scope needed for the GDPR to apply? ---------CORRECT ANSWER-----------------

  • territorial scope
  • material scope

When is territorial scope satisfied? ---------CORRECT ANSWER----------------- GDPR applies if a controller or processor:

What are the requirements for consent? ---------CORRECT ANSWER-----------------

  • Freely given
  • Clearly distinguishable
  • Intelligible
  • Unambiguous
  • In clear and plain language
  • Invalid if clear imbalance between controller and data subject
  • Service of contract cannot be conditional upon consent
  • Data subject must be informed of controller's identity
  • Data subject must be informed of purpose of processing
  • Data subject must be informed of how processing may affect data subjects
  • Children: parent/guardian consent needed if under 16 (may be lowered by individual member states to 13)
  • Withdrawing consent must be as easy as giving it

What are examples of legitimate interests? ---------CORRECT ANSWER-----------------

  • Fraud prevention
  • Direct marketing
  • Reporting criminal acts
  • Reporting threats to public security
  • Administrative purposes
  • Information security

For what purposes can data be processed without further notification to the data subject? ---------CORRECT ANSWER-----------------

  • Transferring to an archive
  • Statistical purposes
  • Historical or scientific research purposes

What are exceptions to processing special categories of data? ---------CORRECT ANSWER-----------------

  • Explicit consent
  • In the context of employment law
  • Protection of vital interests
  • Political, philosophical, and religious purposes
  • Publicly available data
  • Establishment, exercise, or defense of legal claims
  • Substantial public interest (e.g., preventing crime)
  • Preventive or occupational medicine
  • Public health
  • Research or statistical purposes

What characteristics must communications with the data subject (such as notices, SARs) have? ---------CORRECT ANSWER-----------------

  • be in an intelligible and easily accessible form

  • Whether the provision of the personal data is a statutory or contractual requirement, as well as whether the data subject is obliged to provide the data
  • Information about the use of automated decision-making

What information must be provided to the data subject when the information is obtained INDIRECTLY about the data subject? ---------CORRECT ANSWER-----------------

  • Source of the data must be provided to the data subject
  • All information required so data subject could perform direct collection
  • Must occur within a reasonable time after obtaining data (<1 month) or upon first communication with the data subject when the personal data is used to communicate.

What are exceptions to when information must be provided to the data subject when the information is obtained INDIRECTLY about the data subject? ---------CORRECT ANSWER-----------------

  • If impossible or requires disproportionate effort or would render impossible or seriously impair the purpose of the data processing
  • National or EU law provide protections
  • National or EU laws require data to be kept secret

What are the data subject's granted rights under the GDPR? ---------CORRECT ANSWER-----------------

  • Right to access
  • Right to rectification
  • Right to data portability
  • Right to erasure
  • Right to restriction
  • Right to object to processing
  • Right to object to direct marketing
  • Right not to be subject to fully automated decisions

What does a data subject have the right to be told pursuant to a Subject Access Request (SAR)? ---------CORRECT ANSWER-----------------

  • What personal data is being processed
  • The purposes for which the personal data is being processed
  • Who, if anyone, the personal data is disclosed to
  • The extent to which it is using the personal data for making automated decisions relating to the data subject and, if so, what logic is being used for that purpose

What does a data subject have the right to receive in terms of actual data pursuant to a Subject Access Request (SAR)? ---------CORRECT ANSWER-----------------

  • Obtain a copy of his personal information being processed
  • But not data that would "adversely affect the rights and freedoms of others"

What are the rules surrounding Subject Access Requests (SARs)? ---------CORRECT ANSWER-----------------

  • Free, unless controller is asked to make extra copies of data

When may data subjects request erasure? ---------CORRECT ANSWER----------------- If:

  • the personal data is no longer necessary for the purpose for which it was collected
  • the processing is based on consent, and consent is withdrawn
  • the processing is based on controller's legitimate interest, the data subject objects to the processing and the controller is unable to demonstrate its legitimate interest
  • If the processing is unlawful
  • If the personal data must be erased for compliance with law
  • If consent was given when the data subject was a child

What supplemental exemptions may member states adopt to the right of erasure? ---------CORRECT ANSWER-----------------

  • National security
  • Crime prevention
  • Protection of others' rights and freedoms (including controllers')

What is the right to be forgotten? ---------CORRECT ANSWER-----------------

  • Extension of the right of erasure
  • Applies when data has been made public by a controller
  • Original controller must take reasonable steps to request other controllers erase replications of that personal data

What are exceptions to the right of erasure? ---------CORRECT ANSWER-----------------

  • Compliance with law for a task in the public interest or as part of the controller's official authority
  • Public health
  • Archiving in the public interest
  • Scientific, historical, or statistical purposes
  • Establishment, exercise, or defense of legal claims

What is "restriction of processing"? ---------CORRECT ANSWER-----------------

  • Restriction of processing as an alternative to erasure
  • Used when storing personal data is legally required to ensure protection of another person's rights or in the public's interest, however, no further processing may be performed

Under what circumstances does a data subject have the right to object to processing? ---------CORRECT ANSWER----------------- When justification for processing is based on:

  • Public interest or legitimate interest
  • Direct marketing purposes
  • Scientific or historical purposes, unless in the public interest

What is profiling? ---------CORRECT ANSWER----------------- Automated processing for the purpose of evaluating, analyzing, or predicting personal aspects of a natural person