Confidently Practice Online with Free DCPLA Exam Cram

Classify the following scenario as major or minor non-conformity. “The organization defined information access and usage policy and rolled it out across the organization. No formal exercise, however, was conducted to prepare the policy. During implementation, certain discrepancies came out and these were addressed through appropriate policy revisions, though this created a lot of hue and cry in the organization and the policy was criticized for adversely affecting productivity. But with appropriate revisions and passage of time, the policy has been accepted. In a recently conducted external audit, one incident has come to light wherein the usage and access policy has been violated by an employee twice. As per the auditor, this incident should have been identified by the organization. In its explanation to the auditor, the management informed that appropriate access and usage monitoring mechanisms have been put in place but admitted that there may have been some lapses.”

With respect to privacy monitoring and incident management process, which of the following should be a part of

a standard incident handling process?

I. Incident identification and notification

II. Investigation and remediation

III. Root cause analysis

IV. User awareness training on how to report incidents

‘Map the legal and compliance requirements to each data element that an organization is dealing with in all of its business processes, enterprise and operational functions, and client relationships.’ This an imperative of which DPF practice area?

A newly appointed Data Protection officer is reviewing the organization’s existing privacy policy. Which of the following would be the most critical factor for the review process?

The method of personal data usage in which the users must explicitly decide not to participate.