Question 1

According to the European Data Protection Board, if a controller that is not established in the EU but still subject to the GDPR becomes aware of a personal data breach, which supervisory authority or authorities must be notified?

Options :

A : Only the supervisory authority of the EU member state in which the controller-s EU representative (pursuant to Article 27) is established.

B : Only one lead supervisory authority, as a controller benefits from the one-stop shop mechanism under the GDPR’s enforcement regime.

C : Every supervisory authority of the EU member states where the controller is offering goods or services.

D : Every supervisory authority for which affected data subjects reside in their EU member state.

Answer: A

Question 2

In the event of a data breach, which type of information are data controllers NOT required to provide to either the supervisory authorities or the data subjects?

Options :

A : The predicted consequences of the breach.

B : The measures being taken to address the breach.

C : The type of security safeguards used to protect the data.

D : The contact details of the appropriate data protection officer.

Answer: C

Question 3

A news website based m (he United Slates reports primarily on North American events The website is accessible to any user regardless of location, as the website operator does not block connections from outside of the U.S. The website offers a pad subscription that requires the creation of a user account; this subscription can only be paid in U.S. dollars.

Which of the following explains why the website operator, who is the responsible for all processing related to account creation and subscriptions, is NOT required to comply with the GDPR?

Options :

A : Payments cannot be made in a European Union currency.

B : The controller does not have an establishment in the European Union.

C : The website is not available in several official languages of European Un on Member States

D : The website cannot block connections from outside the U.S. that use a Virtual Private Network (VPN) to simulate a US location.

Answer: B

Question 4

Under the GDPR, which of the following is true in regard to adequacy decisions involving cross-border transfers?

Options :

A : The European Commission can adopt an adequacy decision for individual companies.

B : The European Commission can adopt, repeal or amend an existing adequacy decision.

C : EU member states are vested with the power to accept or reject a European Commission adequacy decision.

D : To be considered as adequate, third countries must implement the EU General Data Protection Regulation into their national legislation.

Answer: A

Question 5

Which of the following is NOT recognized as being a common characteristic of cloud-computing services?

Options :

A : The service-s infrastructure is shared among the supplier-s customers and can be located in a number of countries.

B : The supplier determines the location, security measures, and service standards applicable to the processing.

C : The supplier allows customer data to be transferred around the infrastructure according to capacity.

D : The supplier assumes the vendor-s business risk associated with data processed by the supplier.

Answer: D

Confidently Practice Online with Free CIPP-E Exam Cram

Buying Options: