Free IAPP CIPP-E Exam Questions

Become IAPP Certified with updated CIPP-E exam questions and correct answers

Page:    1 / 61      
Total 305 Questions | Updated On: Jan 26, 2025
Add To Cart
Question 1

The European Data Protection Board (EDPB) recommends measures to supplement transfer tools, in order to ensure compliance with the European Union (EU) level of personal data protection. According to these recommendations, what additional actions should be taken when a transfer to a third country is based upon an adequacy decision?


Answer: D
Question 2

SCENARIO

Please use the following to answer the next question:
Building Block Inc. is a multinational company, headquartered in Chicago with offices throughout the United States, Asia, and Europe (including Germany, Italy, France and Portugal). Last year the company was the victim of a phishing attack that resulted in a significant data breach. The executive board, in coordination with the general manager, their Privacy Office and the Information Security team, resolved to adopt additional security measures. These included training awareness programs, a cybersecurity audit, and use of a new software tool called SecurityScan, which scans employees' computers to see if they have software that is no longer being supported by a vendor and therefore not getting security updates. However, this software also provides other features, including the monitoring of employees' computers.

Since these measures would potentially impact employees, Building Block's Privacy Office decided to issue a general notice to all employees indicating that the company will implement a series of initiatives to enhance information security and prevent future data breaches.

After the implementation of these measures, server performance decreased. The general manager instructed the Security team on how to use SecurityScan to monitor employees' computers activity and their location. During these activities, the Information Security team discovered that one employee from Italy was daily connecting to a video library of movies, and another one from Germany worked remotely without authorization. The Security team reported these incidents to the Privacy Office and the general manager. In their report, the team concluded that the employee from Italy was the reason why the server performance decreased. Due to the seriousness of these infringements, the company decided to apply disciplinary measures to both employees, since the security and privacy policy of the company prohibited employees from installing software on the company's computers, and from working remotely without authorization.

To comply with the GDPR, what should Building Block have done as a first step before implementing the SecurityScan measure?


Answer: C
Question 3

An employee of company ABCD has just noticed a memory stick containing records of client data, including their names, addresses and full contact details has disappeared. The data on the stick is unencrypted and in clear text. It is uncertain what has happened to the stick at this stage, but it likely was lost during the travel of an employee. What should the company do?


Answer: A
Question 4

A German data subject was the victim of an embarrassing prank 20 years ago. A newspaper website published an article about the prank at the time, and the article is still available on the newspaper's website. Unfortunately, the prank is the top search result when a user searches on the victim's name. The data subject requests that SearchCo delist this result. SearchCo agrees, and instructs its technology team to avoid scanning or indexing the article. What else must SearchCo do?


Answer: A
Question 5

The GDPR forbids the practice of "forum shopping", which occurs when companies do what?


Answer: B
Page:    1 / 61      
Total 305 Questions | Updated On: Jan 26, 2025
Add To Cart

© Copyrights DumpsCertify 2025. All Rights Reserved

We use cookies to ensure your best experience. So we hope you are happy to receive all cookies on the DumpsCertify.