Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
Practice questions and answers related to data protection milestones, European Council, Council of the EU, European Commission, personal data, GDPR, privacy notices, security measures, and more. The questions cover various aspects of data protection and privacy laws and regulations in the EU. useful for students and professionals preparing for CIPP/E IAPP certification exams or seeking to improve their knowledge of data protection and privacy laws in the EU.
Typology: Exams
1 / 128
Which of the following data protection milestones is a treaty among member states of the Council of Europe: -Data Retention Directive -Charter of Fundamental Rights
-Convention 108 -e-Privacy Directive -GDPR - ✔️✔️ Convention 108 Which of the following data protection milestones applies to public electronics communications services and networks? -Data Retention Directive -Charter of Fundamental Rights -Convention 108
-e-Privacy Directive -GDPR - ✔️✔️ e-Privacy Directive The Universal Declaration of Human Rights is a product of which institution? -The United Nations -The Council of Europe -The European Union - ✔️✔️ The United Nations
Which European institutions is composed of 47 member states? -The Council of Europe -The European Union -The European Economic Area - ✔️✔️ The Council of Europe Chose the characteristic that describes the European Parliament. -Is responsible for legislative development, supervisory oversight
of other institutions, and development of the budget -Defines the EU priorities and sets the political direction for the EU. - ✔️✔️ Defines the EU priorities and sets the political direction for the EU Choose the characteristic that describes the European Council. -Sets the overall political agenda of the EU
-Negotiates and adopts laws - ✔️✔️ Sets the overall political agenda of the EU. Choose the characteristic that describes the Council of the EU -Is sometimes described as the executive body of the EU -Is one of the main decision-making bodies of the EU - ✔️✔️ Is one of the
main decision making bodies of the EU. Choose the characteristic that describes the European Commission. -Has the power to propose legislation -Is composed of a directly elected body - ✔️✔️ Has the power to propose legislation
Choose the characteristic that describes the Court of Justice of the EU -Makes decisions on issues of EU law -Is based in Strasbourg - ✔️✔️ Makes decisions on issues of EU law. What is the function of the 4 step test?
-Determine if data qualifies as personal data -Determine i personal data is anonymous -Determine if personal date belongs to special categories -Determine if personal data is pseudonymous. - ✔️✔️ Determine if data qualifies as personal data
Which criteria are used to identify personal data? Select all that apply -natural person -an identified or identifiable -any information -relating to oor anonymous - ✔️✔️ All EXCEPT "or anonymous
Select the types of personal data elements that belong to special categories under the GDPR. -Personal data revealing religious or philosophical beliefs -Data relating to personal interests and hobbies -Data concerning health -Personal data revealing political opinions
-Personal data revealing financial information -Genetic data used to uniquely identify a natural person - ✔️✔️ All EXCEPT -personal interests and hobbies -financial information True or False: Personal data either belongs to special categories or does
not. There is no grey area. - ✔️✔️ False True or False: Anonymising personal data is always possible. - ✔️✔️ False True or false: Pseudonymous data is protected by the GDPR. - ✔️✔️ True True or false: A data controller may be a natural person or a legal entity,
while a data processor must be a legal entity. - ✔️✔️ False True or false: a contract protects a processor from being held to the same legal obligations as the controller. - ✔️✔️ False True or False: A processor may decide wehre and how to process personal data. - ✔️✔️ False
True or false: When personal data is being processed, there is always a controller. - ✔️✔️ True What is data processing: -Any action involved in securing and protecting data -Any action performed upon data -Any action involved in collecting personal data
-Any action that adapts or alters data. - ✔️✔️ Any action performed upon data. What are the criteria used to determine the territorial scope of the GDPR: Select all that apply. -Processing of personal data of EU subjects relating to offering goods or services or monitoring behaviour
-Processing of personal data by a controller not established in the EU but in a place where member state law applies -Processing of personal data when a controller or processor is established in the EU - ✔️✔️ All. Which of the following fall under the material scope of the GDPR? Select all that apply.
-processing personal data without human intervention -processing anonymous data -Processing personal data that forms part of a filing system. - ✔️✔️ All EXCEPT anonymous data Exclusions to the material scope of GDPR should be interpreted broadly. True or false? - ✔️✔️ False
True or false: At least three of the legitimate processing criteria within the GDPR must ve met for personal data to be processed legally. - ✔️✔️ False Read the following and select all the GDPR principles that have been violated: An access control system used by an organization's
maintenance team for building security is later used by a manager in a different department to determine if employees are arriving late for work. The employees are not informed of this new processing action, and the manager does not create consistent records of the processing activities. -Integrity and confidentiality -Accountability
-Data quality and accuracy - ✔️✔️ This violates -Integrity and confidentiality Accountability Which legitimate processing criteria is commonly used when a customer purchases a good or service? -Consent -Vital interests -Contract - ✔️✔️ Contract
Which exception to the prohibition on processing special categories of data must be explicit? -Vital interests -Publicly available data -Consent - ✔️✔️ Consent Select all that are potential solutions to lengthy privacy notices.
-Key notices -Standardized Icons -Terms of Agreement -Just in time notices -Layered privacy notices - ✔️✔️ All EXCEPT -Key notices -Terms of Agreement
True of False: A controller may charge an administrative fee to data subjects if they request that the information provision be in oral format. - ✔️✔️ False Privacy notices should use visualisation where appropriate. True or false? - ✔️✔️ True
True or false: Information provided to data subjects about the processing of their personal data should be written in clear and plain language that is understandable. - ✔️✔️ True True or false: The transparency principle states that detail is more important that conciseness in a privacy notice. - ✔️✔️ False