Online CIPP-E Practice TestMore IAPP Products >

Free IAPP CIPP-E Exam Dumps Questions

IAPP CIPP-E: Certified Information Privacy Professional/Europe (CIPP/E)

- Get instant access to CIPP-E practice exam questions

- Get ready to pass the Certified Information Privacy Professional/Europe (CIPP/E) exam right now using our IAPP CIPP-E exam package, which includes IAPP CIPP-E practice test plus an IAPP CIPP-E Exam Simulator.

- The best online CIPP-E exam study material and preparation tool is here.

4.5

(2955 ratings)

Question 1

SCENARIO
Please use the following to answer the next question:
BHealthy, a company based in Italy, is ready to launch a new line of natural products, with a focus on sunscreen. The last step prior to product launch is for BHealthy to conduct research to decide how extensively to market its new line of sunscreens across Europe. To do so, BHealthy teamed up with Natural Insight, a company specializing in determining pricing for natural products. BHealthy decided to share its existing customer information – name, location, and prior purchase history – with Natural Insight. Natural Insight intends to use this information to train its algorithm to help determine the price point at which BHealthy can sell its new sunscreens.
Prior to sharing its customer list, BHealthy conducted a review of Natural Insight’s security practices and concluded that the company has sufficient security measures to protect the contact information. Additionally, BHealthy’s data processing contractual terms with Natural Insight require continued implementation of technical and organization measures. Also indicated in the contract are restrictions on use of the data provided by BHealthy for any purpose beyond provision of the services, which include use of the data for continued improvement of Natural Insight’s machine learning algorithms.
What is the nature of BHealthy and Natural Insight’s relationship?

A. Natural Insight is BHealthy’s processor because the companies entered into data processing terms.

B. Natural Insight is BHealthy’s processor because BHealthy is sharing its customer information with Natural Insight.

C. Natural Insight is the controller because it determines the security measures to implement to protect data it processes; BHealthy is a co-controller because it engaged Natural Insight to determine pricing for the new sunscreens.

D. Natural Insight is a controller because it is separately determine the purpose of processing when it uses BHealthy’s customer information to improve its machine learning algorithms.

Correct Answer:A

Question 2

An online company’s privacy practices vary due to the fact that it offers a wide variety of services. How could it best address the concern that explaining them all would make the policies incomprehensible?

A. Use a layered privacy notice on its website and in its email communications.

B. Identify uses of data in a privacy notice mailed to the data subject.

C. Provide only general information about its processing activities and offer a toll-free number for more information.

D. Place a banner on its website stipulating that visitors agree to its privacy policy and terms of use by visiting the site.

Correct Answer:B

Question 3

Which of the following does NOT have to be included in the records most processors must maintain in relation to their data processing activities?

A. Name and contact details of each controller on behalf of which the processor is acting.

B. Categories of processing carried out on behalf of each controller for which the processor is acting.

C. Details of transfers of personal data to a third country carried out on behalf of each controller for which the processor is acting.

D. Details of any data protection impact assessment conducted in relation to any processing activities carried out by the processor on behalf of each controller for which the processor is acting.

Correct Answer:C

Question 4

SCENARIO
Please use the following to answer the next question:
Liem, an online retailer known for its environmentally friendly shoes, has recently expanded its presence in Europe. Anxious to achieve market dominance, Liem teamed up with another eco friendly company, EcoMick, which sells accessories like belts and bags. Together the companies drew up a series of marketing campaigns designed to highlight the environmental and economic benefits of their products. After months of planning, Liem and EcoMick entered into a data sharing agreement to use the same marketing database, MarketIQ, to send the campaigns to their respective contacts.
Liem and EcoMick also entered into a data processing agreement with MarketIQ, the terms of which included processing personal data only upon Liem and EcoMick’s instructions, and making available to them all information necessary to demonstrate compliance with GDPR obligations.
Liem and EcoMick then procured the services of a company called JaphSoft, a marketing optimization firm that uses machine learning to help companies run successful campaigns. Clients provide JaphSoft with the personal data of individuals they would like to be targeted in each campaign. To ensure protection of its
clients’ data, JaphSoft implements the technical and organizational measures it deems appropriate. JaphSoft works to continually improve its machine learning models by analyzing the data it receives from its clients to determine the most successful components of a successful campaign. JaphSoft then uses such models in providing services to its client-base. Since the models improve only over a period of time as more information is collected, JaphSoft does not have a deletion process for the data it receives from clients. However, to ensure compliance with data privacy rules, JaphSoft pseudonymizes the personal data by removing identifying information from the contact information. JaphSoft’s engineers, however, maintain all contact information in the same database as the identifying information.
Under its agreement with Liem and EcoMick, JaphSoft received access to MarketIQ, which included contact information as well as prior purchase history for such contacts, to create campaigns that would result in the most views of the two companies’ websites. A prior Liem customer, Ms. Iman, received a marketing campaign from JaphSoft regarding Liem’s as well as EcoMick’s latest products. While Ms. Iman recalls checking a box to receive information in the future regarding Liem’s products, she has never shopped EcoMick, nor provided her personal data to that company.
For what reason would JaphSoft be considered a controller under the GDPR?

A. It determines how long to retain the personal data collected.

B. It has been provided access to personal data in the MarketIQ database.

C. It uses personal data to improve its products and services for its client-base through machine learning.

D. It makes decisions regarding the technical and organizational measures necessary to protect the personal data.

Correct Answer:D

Question 5

Under Article 9 of the GDPR, which of the following categories of data is NOT expressly prohibited from data processing?

A. Personal data revealing ethnic origin.

B. Personal data revealing genetic data.

C. Personal data revealing financial data.

D. Personal data revealing trade union membership.

Correct Answer:C

Question 6

How is the GDPR’s position on consent MOST likely to affect future app design and implementation?

A. App developers will expand the amount of data necessary to collect for an app’s functionality.

B. Users will be given granular types of consent for particular types of processing.

C. App developers’ responsibilities as data controllers will increase.

D. Users will see fewer advertisements when using apps.

Correct Answer:B

START CIPP-E EXAM