Download Latest DCPP-01 Questions

Page: 3 / 4

Question 12

A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.

For the outsourced work of its customers’ data processing, in order to initiate data transfer to another organizations outside EU, which is the most appropriate among the following?

Options:

The vendor (data importer) in the third country, and not the exporter is responsible to put in place suitable model contractual clauses, and hence the exporter does not need to take any action.

Since the data is processed by the vendor outside the EU, the EU directive does not apply and hence there are no legal concerns

The data exporter needs to initiate model contractual clauses after obtaining approvals from data protection commissioner and have the vendor be a signatory on the same as data importer

The data importer need to notify about the transfer to data protection commissioner in the destination country and exporter need to similarly notify in the EU country of origin

Question 13

APPI, the Act for the Protection of Personal Information, applies to:

Options:

Government entities using personal information

Personal Information about an individual that is used by a business

None of the above

Question 14

According to the privacy statement of an organization, which of the following words is true?

Options:

The Information Technology (Amendment) Act, 2008 does not require the publication of privacy policies on websites in India

The content of an organization's online privacy statement will be influenced by the applicable laws, and may need to address requirements across geographic boundaries and legal jurisdictions

A privacy statement demonstrates to stakeholders how an organization gathers, uses, discloses, and manages personal information

In order to follow privacy laws, it is mandatory that there is a phone contact information for the organization's owner in the online privacy statement so that customers can reach out in case of a concern or incident, which can be managed online

Question 15

What is not a compulsory pre-requisite before a company with headquarters in the EU transfers sensitive personal data to its Asian subsidiaries?