[Q106-Q127] Get 100% Passing Success With True CIPP-E Exam! [Oct-2021]


IAPP CIPP-E PDF Questions - Exceptional Practice To Certified Information Privacy Professional/Europe (CIPP/E)

NEW QUESTION 106
SCENARIO
Please use the following to answer the next question:
T-Craze, a German-headquartered specialty t-shirt company, was successfully selling to large German metropolitan cities. However, after a recent merger with another German-based company that was selling to a broader European market, T-Craze revamped its marketing efforts to sell to a wider audience. These efforts included a complete redesign of its logo to reflect the recent merger, and improvements to its website meant to capture more information about visitors through the use of cookies.
T-Craze also opened various office locations throughout Europe to help expand its business. While Germany continued to host T-Craze's headquarters and main product-design office, its French affiliate became responsible for all marketing and sales activities. The French affiliate recently procured the services of Right Target, a renowned marketing firm based in the Philippines, to run its latest marketing campaign. After thorough research, Right Target determined that T-Craze is most successful with customers between the ages of 18 and 22. Thus, its first campaign targeted university students in several European capitals, which yielded nearly 40% new customers for T-Craze in one quarter. Right Target also ran subsequent campaigns for T-Craze, though with much less success.
The last two campaigns included a wider demographic group and resulted in countless unsubscribe requests, including a large number in Spain. In fact, the Spanish data protection authority received a complaint from Sofia, a mid-career investment banker. Sofia was upset after receiving a marketing communication even after unsubscribing from such communications from Right Target on behalf of T-Craze.
Which of the following is T-Craze's lead supervisory authority?

  • A. France, because that is where T-Craze conducts processing of personal information.
  • B. Germany, because that is where T-Craze is headquartered.
  • C. Spain, because that is T-Craze's primary market based on its marketing campaigns.
  • D. T-Craze may choose its lead supervisory authority where any of its affiliates are based, because it has presence in several European countries.

Answer: C

 

NEW QUESTION 107
Under Article 9 of the GDPR, which of the following categories of data is NOT expressly prohibited from data processing?

  • A. Personal data revealing genetic data.
  • B. Personal data revealing financial data.
  • C. Personal data revealing ethnic origin.
  • D. Personal data revealing trade union membership.

Answer: B

 

NEW QUESTION 108
Under what circumstances might the "soft opt-in" rule apply in relation to direct marketing?

  • A. Where an individual is given the ability to unsubscribe from marketing emails sent to him.
  • B. Where an individual's details have been obtained from a bought-in marketing list.
  • C. When an individual has not consented to the marketing.
  • D. When an individual's details are obtained from their inquiries about buying a product.

Answer: D

 

NEW QUESTION 109
If a multi-national company wanted to conduct background checks on all current and potential employees, including those based in Europe, what key provision would the company have to follow?

  • A. Background checks on employees could be performed only under prior notice to all employees.
  • B. Background checks are only authorized with prior notice and express consent from all employees including those based in Europe.
  • C. Background checks may not be allowed on European employees, but the company can create lists based on its legitimate interests, identifying individuals who are ineligible for employment.
  • D. Background checks on European employees will stem from data protection and employment law, which can vary between member states.

Answer: D

 

NEW QUESTION 110
How is the GDPR's position on consent MOST likely to affect future app design and implementation?

  • A. Users will see fewer advertisements when using apps.
  • B. App developers will expand the amount of data necessary to collect for an app's functionality.
  • C. App developers' responsibilities as data controllers will increase.
  • D. Users will be given granular types of consent for particular types of processing.

Answer: D

 

NEW QUESTION 111
Which of the following Convention 108+ principles, as amended in 2018, is NOT consistent with a principle found in the GDPR?

  • A. The obligation of companies to declare data breaches.
  • B. The necessity of the bulk collection of personal data by the government.
  • C. The requirement to demonstrate compliance to a supervisory authority.

Answer: C

 

NEW QUESTION 112
Under the GDPR, which essential pieces of information must be provided to data subjects before collecting their personal data?

  • A. The authority by which the controller is collecting the data and the third parties to whom the data will be sent.
  • B. The name/s of relevant government agencies involved and the steps needed for revising the data.
  • C. The contact information of the controller and a description of the retention policy.
  • D. The identity and contact details of the controller and the reasons the data is being collected.

Answer: D

 

NEW QUESTION 113
To which of the following parties does the territorial scope of the GDPR NOT apply?

  • A. All member countries party to the Treaty of Lisbon.
  • B. All member countries party to the Paris Agreement.
  • C. All member countries of the European Economic Area.
  • D. All member countries of the European Union.

Answer: C

 

NEW QUESTION 114
Which EU institution is vested with the competence to propose new data protection legislation on its own initiative?

  • A. The European Parliament
  • B. The European Commission
  • C. The Council of the European Union
  • D. The European Council

Answer: C

 

NEW QUESTION 115
SCENARIO
Please use the following to answer the next question:
Outliers Inc. is a travel service company which has lost substantial revenue over the last few years. Their new manager, Jonathan, suspects that this is partly due to the company's outdated website. After doing some research, he meets with a sales representative from the up-and-coming IT company ZenFiTech, hoping that they can design a new, cutting-edge website for Outliers Inc.'s foundering business.
During negotiations, a ZenFiTech representative describes a plan for gathering more customer information through detailed questionnaires, which could be used to tailor their preferences to specific travel destinations. Outliers Inc. can choose any number of data categories - age, income, ethnicity - that would help them best accomplish their goals. Jonathan loves this idea, but would also like to have some way of gauging how successful this approach is, especially since the questionnaires will require customers to provide explicit consent to having their data collected. The ZenFiTech representative suggests that they also run a program to analyze the new website's traffic, in order to get a better understanding of how customers are using it. He explains his plan to place a number of cookies on customer devices. The cookies will allow the company to collect IP addresses and other information, such as the sites from which the customers came, how much time they spend on the Outliers Inc. website, and which pages on the site they visit. All of this information will be compiled in log files, which ZenFiTech will analyze by means of a special program. Outliers Inc. would receive aggregate statistics to help them evaluate the website's effectiveness. Jonathan enthusiastically engages ZenFiTech for these services.
If Outliers Inc. decides not to report the incident to the supervisory authority, what would be their BEST defense?

  • A. The sensitivity of the categories of data involved in the incident was not substantial enough.
  • B. The resulting obligation to notify data subjects would involve disproportionate effort.
  • C. The incident resulted from the actions of a third-party that were beyond their control.
  • D. The destruction of the stolen data makes any risk to the affected data subjects unlikely.

Answer: C

 

NEW QUESTION 116
Based on GDPR Article 35, which of the following situations would trigger the need to complete a DPIA?

  • A. A company wants to use location data to infer information on a person's clothes purchasing habits.
  • B. A company wants to build a dating app that creates candidate profiles based on location data and data from third-party sources.
  • C. A company wants to combine location data with other data in order to offer more personalized service for the customer.
  • D. A company wants to use location data to track delivery trucks in order to make the routes more efficient.

Answer: B

Explanation:
Explanation/Reference: http://webcache.googleusercontent.com/search?q=cache:aQkU17eX9sQJ:https://www.shlegal.com/insights/article-29-data-protection-working-party-gdpr-guidelines-on-data-protection-impact-assessments&client=firefox-b-e&hl=en&gl=pk&strip=1&vwsrc=0

 

NEW QUESTION 117
Company X has entrusted the processing of their payroll data to Provider Y.
Provider Y stores this encrypted data on its server. The IT department of Provider Y finds out that someone managed to hack into the system and take a copy of the data from its server. In this scenario, whom does Provider Y have the obligation to notify?

  • A. The public
  • B. Company X
  • C. The supervisory authority
  • D. Law enforcement

Answer: D

 

NEW QUESTION 118
Which of the following would require designating a data protection officer?

  • A. Processing is carried out by an organization employing 250 persons or more.
  • B. Processing is carried out for the purpose of providing for-profit goods or services to individuals in the EU.
  • C. The core activities of the controller or processor consist of processing operations that require systematic monitoring of data subjects on a large scale.
  • D. The core activities of the controller or processor consist of processing operations of financial information or information relating to children.

Answer: C

 

NEW QUESTION 119
Under the GDPR, which essential pieces of information must be provided to data subjects before collecting their personal data?

  • A. The authority by which the controller is collecting the data and the third parties to whom the data will be sent.
  • B. The name/s of relevant government agencies involved and the steps needed for revising the data.
  • C. The contact information of the controller and a description of the retention policy.
  • D. The identity and contact details of the controller and the reasons the data is being collected.

Answer: D

Explanation:
Explanation/Reference: https://gdpr-info.eu/art-13-gdpr/

 

NEW QUESTION 120
Read the following steps:
* Discover which employees are accessing cloud services and from which devices and apps
* Lock down the data in those apps and devices
* Monitor and analyze the apps and devices for compliance
* Manage application life cycles
* Monitor data sharing
An organization should perform these steps to do which of the following?

  • A. Pursue a GDPR-compliant Privacy by Design process.
  • B. Maintain a secure Bring Your Own Device (BYOD) program.
  • C. Institute a GDPR-compliant employee monitoring process.
  • D. Ensure cloud vendors are complying with internal data use policies.

Answer: B

 

NEW QUESTION 121
What is the consequence if a processor makes an independent decision regarding the purposes and means of processing it carries out on behalf of a controller?

  • A. The processor will be considered to be a controller in respect of the processing concerned
  • B. The processor will be liable to pay compensation to affected data subjects
  • C. The controller will be required to demonstrate that the unauthorized processing negatively affected one or more of the parties involved
  • D. The controller will be liable to pay an administrative fine

Answer: B

Explanation:
Explanation/Reference: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/controllers-and-processors/

 

NEW QUESTION 122
What should a controller do after a data subject opts out of a direct marketing activity?

  • A. Without exception, securely delete all personal data relating to the data subject.
  • B. Without undue delay, provide information to the data subject on the action that will be taken.
  • C. Take reasonable steps to inform third-party recipients that the data subject's personal data should be deleted and no longer processed.
  • D. Refrain from processing personal data relating to the data subject for the relevant type of communication.

Answer: D

 

NEW QUESTION 123
Article 9 of the GDPR lists exceptions to the general prohibition against processing biometric data. Which of the following is NOT one of these exceptions?

  • A. The processing is necessary to protect the vital interests of the data subject when he or she is incapable of giving consent.
  • B. The processing is necessary for the establishment, exercise or defense of legal claims when courts are acting in a judicial capacity.
  • C. The processing is explicitly consented to by the data subject and he or she is allowed by Union or Member State law to lift the prohibition.
  • D. The processing is done by a non-profit organization and the results are disclosed outside the organization.

Answer: D

 

NEW QUESTION 124
Read the following steps:
* Discover which employees are accessing cloud services and from which devices and apps
* Lock down the data in those apps and devices
* Monitor and analyze the apps and devices for compliance
* Manage application life cycles
* Monitor data sharing
An organization should perform these steps to do which of the following?

  • A. Pursue a GDPR-compliant Privacy by Design process.
  • B. Maintain a secure Bring Your Own Device (BYOD) program.
  • C. Institute a GDPR-compliant employee monitoring process.
  • D. Ensure cloud vendors are complying with internal data use policies.

Answer: B

 

NEW QUESTION 125
With respect to international transfers of personal data, the European Data Protection Board (EDPB) confirmed that derogations may be relied upon under what condition?

  • A. Only as a last resort and when interpreted restrictively.
  • B. Only if the Data Protection Impact Assessment (DPIA) shows low risk.
  • C. When it has been determined that adequate protection can be performed.
  • D. If the data controller has received preapproval from a Data Protection Authority (DPA), after submitting the appropriate documents.

Answer: C

 

NEW QUESTION 126
What permissions are required for a marketer to send an email marketing message to a consumer in the EU?

  • A. No prior permission required, but an opt-out requirement on all emails sent to consumers.
  • B. A pre-checked box stating that the consumer agrees to receive email marketing.
  • C. A notice that the consumer's email address will be used for marketing purposes.
  • D. A prior opt-in consent for consumers unless they are already customers.

Answer: D

 

NEW QUESTION 127
......
