Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bigdisc65

Certified Information Privacy Professional CIPP-E Reddit Questions

Page: 11 / 19
Question 44

Assuming that the “without undue delay” provision is followed, what is the time limit for complying with a data access request?

Options:

A.

Within 40 days of receipt

B.

Within 40 days of receipt, which may be extended by up to 40 additional days

C.

Within one month of receipt, which may be extended by up to an additional month

D.

Within one month of receipt, which may be extended by an additional two months

Question 45

SCENARIO

Please use the following to answer the next question:

Louis, a long-time customer of Bedrock Insurance, was involved in a minor car accident a few months ago. Although no one was hurt, Louis has been plagued by texts and calls from a company called Accidentable offering to help him recover compensation for personal injury. Louis has heard about insurance companies selling customers’ data to third parties, and he’s convinced that Accidentable must have gotten his information from Bedrock Insurance.

Louis has also been receiving an increased amount of marketing information from Bedrock, trying to sell him their full range of their insurance policies.

Perturbed by this, Louis has started looking at price comparison sites on the internet and has been shocked to find that other insurers offer much cheaper rates than Bedrock, even though he has been a loyal customer for many years. When his Bedrock policy comes up for renewal, he decides to switch to Zantrum Insurance.

In order to activate his new insurance policy, Louis needs to supply Zantrum with information about his No Claims bonus, his vehicle and his driving history. After researching his rights under the GDPR, he writes to ask Bedrock to transfer his information directly to Zantrum. He also takes this opportunity to ask Bedrock to stop using his personal data for marketing purposes.

Bedrock supplies Louis with a PDF and XML (Extensible Markup Language) versions of his No Claims Certificate, but tells Louis it cannot transfer his data directly to Zantrum as this is not technically feasible. Bedrock also explains that Louis’s contract included a provision whereby Louis agreed that his data could be used for marketing purposes; according to Bedrock, it is too late for Louis to change his mind about this. It angers Louis when he recalls the wording of the contract, which was filled with legal jargon and very confusing.

In the meantime, Louis is still receiving unwanted calls from Accidentable Insurance. He writes to Accidentable to ask for the name of the organization that supplied his details to them. He warns Accidentable that he plans to complain to the data protection authority, because he thinks their company has been using his data unlawfully. His letter states that he does not want his data being used by them in any way.

Accidentable’s response letter confirms Louis’s suspicions. Accidentable is Bedrock Insurance’s wholly owned subsidiary, and they received information about Louis’s accident from Bedrock shortly after Louis submitted his accident claim. Accidentable assures Louis that there has been no breach of the GDPR, as Louis’s contract included, a provision in which he agreed to share his information with Bedrock’s affiliates for business purposes.

Louis is disgusted by the way in which he has been treated by Bedrock, and writes to them insisting that all his information be erased from their computer system.

Which statement accurately summarizes Bedrock’s obligation in regard to Louis’s data portability request?

Options:

A.

Bedrock does not have a duty to transfer Louis’s data to Zantrum if doing so is legitimately not technically feasible.

B.

Bedrock does not have to transfer Louis’s data to Zantrum because the right to data portability does not apply where personal data are processed in order to carry out tasks in the public interest.

C.

Bedrock has failed to comply with the duty to transfer Louis’s data to Zantrum because the duty applies wherever personal data are processed by automated means and necessary for the performance of a contract with the customer.

D.

Bedrock has failed to comply with the duty to transfer Louis’s data to Zantrum because it has an obligation to develop commonly used, machine-readable and interoperable formats so that all customer data can be ported to other insurers on request.

Question 46

Select the answer below that accurately completes the following:

“The right to compensation and liability under the GDPR…

Options:

A.

…provides for an exemption from liability if the data controller (or data processor) proves that it is not in any way responsible for the event giving rise to the damage.”

B.

…precludes any subsequent recourse proceedings against other controllers or processors involved in the same processing.”

C.

...can only be exercised against the data controller, even if a data processor was involved in the same processing.”

D.

…is limited to a maximum amount of EUR 20 million per event of damage or loss.”

Question 47

Under Article 80(1) of the GDPR, individuals can elect to be represented by not-for-profit organizations in a privacy group litigation or class action. These organizations are commonly known as?

Options:

A.

Law firm organizations.

B.

Civil society organizations.

C.

Human rights organizations.

D.

Constitutional rights organizations.

Page: 11 / 19
Exam Code: CIPP-E
Exam Name: Certified Information Privacy Professional/Europe (CIPP/E)
Last Update: Nov 21, 2024
Questions: 268
CIPP-E pdf

CIPP-E PDF

$28  $80
CIPP-E Engine

CIPP-E Testing Engine

$33.25  $95
CIPP-E PDF + Engine

CIPP-E PDF + Testing Engine

$45.5  $130