IAPP Certified Information Privacy Professional/Europe Exam Practice Test

Page: 1 / 14
Total 250 questions

Question 1

SCENARIO

Please use the following to answer the next question:

BHealthy, a company based in Italy, is ready to launch a new line of natural products, with a focus on sunscreen. The last step prior to product launch is for BHealthy to conduct research to decide how extensively to market its new line of sunscreens across Europe. To do so, BHealthy teamed up with Natural Insight, a company specializing in determining pricing for natural products. BHealthy decided to share its existing customer information -- name, location, and prior purchase history -- with Natural Insight. Natural Insight intends to use this information to train its algorithm to help determine the price point at which BHealthy can sell its new sunscreens.

Prior to sharing its customer list, BHealthy conducted a review of Natural Insight's security practices and concluded that the company has sufficient security measures to protect the contact information. Additionally, BHealthy's data processing contractual terms with Natural Insight require continued implementation of technical and organization measures. Also indicated in the contract are restrictions on use of the data provided by BHealthy for any purpose beyond provision of the services, which include use of the data for continued improvement of Natural Insight's machine learning algorithms.

What is the nature of BHealthy and Natural Insight's relationship?



Answer : A

Question 2

Under Article 80(1) of the GDPR, individuals can elect to be represented by not-for-profit organizations in a privacy group litigation or class action. These organizations are commonly known as?



Answer : A

Question 3

When assessing the level of risk created by a data breach, which of the following would NOT have to be taken into consideration?



Answer : B

Question 4

An organization conducts body temperature checks as a part of COVID-19 monitoring. Body temperature is measured manually and is not followed by registration, documentation or other processing of an individual's personal data.

Which of the following best explain why this practice would NOT be subject to the GDPR?



Answer : B

Question 5

An entity's website stores text files on EU users' computer and mobile device browsers. Prior to doing so, the entity is required to provide users with notices containing information and consent under which of the following frameworks?



Answer : D

Question 6

For which of the following operations would an employer most likely be justified in requesting the data subject's consent?



Answer : A

Question 7

If a data subject puts a complaint before a DPA and receives no information about its progress or outcome, how long does the data subject have to wait before taking action in the courts?



Answer : B

Page:    1 / 14   
Total 250 questions