- Home
- IAPP
- Certified Information Privacy Professional/Europe (CIPP/E)
- IAPP.CIPP-E.v2024-06-20.q123
- Question 46
Valid CIPP-E Dumps shared by ExamDiscuss.com for Helping Passing CIPP-E Exam! ExamDiscuss.com now offer the newest CIPP-E exam dumps, the ExamDiscuss.com CIPP-E exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CIPP-E dumps with Test Engine here:
Access CIPP-E Dumps Premium Version
(298 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 46/123
A company has collected personal data tor direct marketing purpose on the basis of consent. It is now considering using this data to develop new products through analytics. What is the company first required to do?
Correct Answer: A
According to the GDPR, consent is one of the lawful bases for processing personal data1. Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her2. Therefore, consent must be specific to each purpose of processing and cannot be bundled with other purposes3. If a company wants to use personal data for a new purpose that is not compatible with the original purpose for which consent was given, it must obtain a new consent from the data subjects for the new processing4. Simply informing the data subjects of the new purpose or updating the privacy notice is not sufficient, as it does not imply the data subject's agreement to the new processing. Proceeding with the new processing without obtaining a new consent would be unlawful and could result in fines and sanctions5. Reference:
Free CIPP/E Study Guide, page 23, section 4.1.1
GDPR, Article 4 (11)
GDPR, Recital 32
GDPR, Article 6 (4)
GDPR, Article 83 (5) (a)
Free CIPP/E Study Guide, page 23, section 4.1.1
GDPR, Article 4 (11)
GDPR, Recital 32
GDPR, Article 6 (4)
GDPR, Article 83 (5) (a)
- Question List (123q)
- Question 1: According to the European Data Protection Board, which of th...
- Question 2: Since blockchain transactions are classified as pseudonymous...
- Question 3: SCENARIO Please use the following to answer the next questio...
- Question 4: SCENARIO Please use the following to answer the next questio...
- Question 5: Tanya is the Data Protection Officer for Curtains Inc., a GD...
- Question 6: The transparency principle is most directly related to which...
- Question 7: Under what circumstances would the GDPR apply to personal da...
- Question 8: SCENARIO Please use the following to answer the next questio...
- Question 9: Read the following steps: Discover which employees are acces...
- Question 10: What is true if an employee makes an access request to his e...
- Question 11: Which of the following is one of the supervisory authority's...
- Question 12: To provide evidence of GDPR compliance, a company performs a...
- Question 13: What is a reason the European Court of Justice declared the ...
- Question 14: What is the most frequently used mechanism for legitimizing ...
- Question 15: SCENARIO Please use the following to answer the next questio...
- Question 16: An unforeseen power outage results in company Z's lack of ac...
- Question 17: When is data sharing agreement MOST likely to be needed?...
- Question 18: Which of the following would NOT be relevant when determinin...
- Question 19: Which marketing-related activity is least likely to be cover...
- Question 20: Which of the following is NOT considered a fair processing p...
- Question 21: When does the GDPR provide more latitude for a company to pr...
- Question 22: Which change was introduced by the 2009 amendments to the e-...
- Question 23: SCENARIO Please use the following to answer the next questio...
- Question 24: Which area of privacy is a lead supervisory authority's (LSA...
- Question 25: MagicClean is a web-based service located in the United Stat...
- Question 26: Please use the following to answer the next question: Wonder...
- Question 27: Which of the following was the first to implement national l...
- Question 28: Which of the following Convention 108+ principles, as amende...
- Question 29: SCENARIO Please use the following to answer the next questio...
- Question 30: Which of the following entities would most likely be exempt ...
- Question 31: Which GDPR principle would a Spanish employer most likely de...
- Question 32: SCENARIO Please use the following to answer the next questio...
- Question 33: SCENARIO Please use the following to answer the next questio...
- Question 34: SCENARIO Please use the following to answer the next questio...
- Question 35: SCENARIO Please use the following to answer the next questio...
- Question 36: Which of the following is NOT exempt from the material scope...
- Question 37: Under the GDPR, which essential pieces of information must b...
- Question 38: SCENARIO Please use the following to answer the next questio...
- Question 39: What are the obligations of a processor that engages a sub-p...
- Question 40: SCENARIO Please use the following to answer the next questio...
- Question 41: SCENARIO Please use the following to answer the next questio...
- Question 42: What type of data lies beyond the scope of the General Data ...
- Question 43: Bioface is a company based in the United States. It has no s...
- Question 44: SCENARIO Please use the following to answer the next questio...
- Question 45: The GDPR specifies fines that may be levied against data con...
- Question 46: A company has collected personal data tor direct marketing p...
- Question 47: After detecting an intrusion involving the theft of unencryp...
- Question 48: SCENARIO Please use the following to answer the next questio...
- Question 49: Which of the following describes a mandatory requirement for...
- Question 50: A data controller appoints a data protection officer. Which ...
- Question 51: Based on GDPR Article 35, which of the following situations ...
- Question 52: Which statement provides an accurate description of a direct...
- Question 53: A homeowner has installed a motion-detecting surveillance sy...
- Question 54: For which of the following operations would an employer most...
- Question 55: SCENARIO Please use the following to answer the next questio...
- Question 56: SCENARIO Please use the following to answer the next questio...
- Question 57: When collecting personal data in a European Union (EU) membe...
- Question 58: What is the primary purpose of Convention 108+, which amends...
- Question 59: SCENARIO Please use the following to answer the next questio...
- Question 60: With the issue of consent, the GDPR allows member states som...
- Question 61: What permissions are required for a marketer to send an emai...
- Question 62: In which situation would a data controller most likely be ab...
- Question 63: It a company receives an anonymous email demanding ransom fo...
- Question 64: Which mechanism, new to the GDPR, now allows for the possibi...
- Question 65: SCENARIO Please use the following to answer the next questio...
- Question 66: When may browser settings be relied upon for the lawful appl...
- Question 67: Two companies, Gellcoat and Freifish, make plans to launch a...
- Question 68: Which sentence BEST summarizes the concepts of "fairness," "...
- Question 69: SCENARIO Please use the following to answer the next questio...
- Question 70: Which of the following is NOT an explicit right granted to d...
- Question 71: In the wake of the Schrems II ruling, which of the following...
- Question 72: SCENARIO Please use the following to answer the next questio...
- Question 73: SCENARIO Please use the following to answer the next questio...
- Question 74: How is the retention of communications traffic data for law ...
- Question 75: If two controllers act as joint controllers pursuant to Arti...
- Question 76: With respect to international transfers of personal data, th...
- Question 77: In addition to the European Commission, who can adopt standa...
- Question 78: SCENARIO Please use the following to answer the next questio...
- Question 79: A dynamic Internet Protocol (IP) address is considered perso...
- Question 80: How is the GDPR's position on consent MOST likely to affect ...
- Question 81: Which of the following would require designating a data prot...
- Question 82: Company X has entrusted the processing of their payroll data...
- Question 83: SCENARIO Please use the following to answer the next questio...
- Question 84: Which of the following demonstrates compliance with the acco...
- Question 85: Article 29 Working Party has emphasized that the GDPR forbid...
- Question 86: What is the key difference between the European Council and ...
- Question 87: SCENARIO Please use the following to answer the next questio...
- Question 88: SCENARIO Please use the following to answer the next questio...
- Question 89: SCENARIO Please use the following to answer the next questio...
- Question 90: SCENARIO Please use the following to answer the next questio...
- Question 91: Under the GDPR, where personal data is not obtained directly...
- Question 92: What was the aim of the European Data Protection Directive 9...
- Question 93: Which judicial body makes decisions on actions taken by indi...
- Question 94: SCENARIO Please use the following to answer the next questio...
- Question 95: According to Article 14 of the GDPR, how long does a control...
- Question 96: WP29's "Guidelines on Personal data breach notification unde...
- Question 97: SCENARIO Please use the following to answer the next questio...
- Question 98: SCENARIO Please use the following to answer the next questio...
- Question 99: To receive a preliminary interpretation on provisions of the...
- Question 100: Under the GDPR, who would be LEAST likely to be allowed to e...
- Question 101: Which of the following countries will continue to enjoy adeq...
- Question 102: SCENARIO Please use the following to answer the next questio...
- Question 103: An organisation receives a request multiple times from a dat...
- Question 104: SCENARIO Please use the following to answer the next questio...
- Question 105: SCENARIO Please use the following to answer the next questio...
- Question 106: An organization conducts body temperature checks as a part o...
- Question 107: In the event of a data breach, which type of information are...
- Question 108: The European Parliament jointly exercises legislative and bu...
- Question 109: SCENARIO Please use the following to answer the next questio...
- Question 110: SCENARIO Please use the following to answer the next questio...
- Question 111: SCENARIO Please use the following to answer the next questio...
- Question 112: Select the answer below that accurately completes the follow...
- Question 113: What was the main failing of Convention 108 that led to the ...
- Question 114: SCENARIO Please use the following to answer the next questio...
- Question 115: According to Art 23 GDPR, which of the following data subjec...
- Question 116: SCENARIO Please use the following to answer the next questio...
- Question 117: Under Article 9 of the GDPR, which of the following categori...
- Question 118: Which of the following is one of the supervisory authority's...
- Question 119: Pursuant to Article 17 and EDPB Guidelines S'2019 on RTBF cr...
- Question 120: Pursuant to Article 4(5) of the GDPR, data is considered "ps...
- Question 121: According to the E-Commerce Directive 2000/31/EC, where is t...
- Question 122: An entity's website stores text files on EU users' computer ...
- Question 123: What is the main task of the European Data Protection Board?...
