- Home
- IAPP
- Certified Information Privacy Professional/Europe (CIPP/E)
- IAPP.CIPP-E.v2024-06-20.q123
- Question 51
Valid CIPP-E Dumps shared by ExamDiscuss.com for Helping Passing CIPP-E Exam! ExamDiscuss.com now offer the newest CIPP-E exam dumps, the ExamDiscuss.com CIPP-E exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CIPP-E dumps with Test Engine here:
Access CIPP-E Dumps Premium Version
(298 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 51/123
Based on GDPR Article 35, which of the following situations would trigger the need to complete a DPIA?
Correct Answer: C
According to Article 35 of the GDPR, a Data Protection Impact Assessment (DPIA) is required when the processing of data is likely to result in a high risk to the rights and freedoms of natural persons, especially when using new technologies. A DPIA is supposed to show the characteristics of the processing, the risks and the measures adopted to mitigate them. The GDPR also provides some examples of processing operations that require a DPIA, such as:
a systematic and extensive evaluation of personal aspects based on automated processing, including profiling, and on which decisions are based that produce legal or significant effects on the data subject; processing on a large scale of special categories of data or data relating to criminal convictions and offences; or a systematic monitoring of a publicly accessible area on a large scale.
Among the answer choices, only option C falls under the first example, as it involves a systematic and extensive evaluation of personal aspects based on location data and data from third-party sources, which could be used for profiling and matching purposes. This could have significant effects on the data subjects' privacy, personal relationships and reputation. Therefore, a DPIA would be required for this processing operation.
Option A does not necessarily involve a systematic and extensive evaluation of personal aspects, nor does it produce legal or significant effects on the data subject. It could be considered a legitimate interest of the company to offer more personalized service, as long as it respects the principles of data minimization, purpose limitation and transparency.
Option B does not involve a decision based on the processing, nor does it produce legal or significant effects on the data subject. It could be considered a form of direct marketing, which is subject to specific rules under the GDPR and the ePrivacy Directive.
Option D does not involve personal data relating to natural persons, but rather to delivery trucks. Therefore, it does not pose a high risk to the rights and freedoms of natural persons.
Reference:
GDPR Article 35
Guidelines on DPIA
Art. 35 GDPR - Data protection impact assessment - GDPR.eu
a systematic and extensive evaluation of personal aspects based on automated processing, including profiling, and on which decisions are based that produce legal or significant effects on the data subject; processing on a large scale of special categories of data or data relating to criminal convictions and offences; or a systematic monitoring of a publicly accessible area on a large scale.
Among the answer choices, only option C falls under the first example, as it involves a systematic and extensive evaluation of personal aspects based on location data and data from third-party sources, which could be used for profiling and matching purposes. This could have significant effects on the data subjects' privacy, personal relationships and reputation. Therefore, a DPIA would be required for this processing operation.
Option A does not necessarily involve a systematic and extensive evaluation of personal aspects, nor does it produce legal or significant effects on the data subject. It could be considered a legitimate interest of the company to offer more personalized service, as long as it respects the principles of data minimization, purpose limitation and transparency.
Option B does not involve a decision based on the processing, nor does it produce legal or significant effects on the data subject. It could be considered a form of direct marketing, which is subject to specific rules under the GDPR and the ePrivacy Directive.
Option D does not involve personal data relating to natural persons, but rather to delivery trucks. Therefore, it does not pose a high risk to the rights and freedoms of natural persons.
Reference:
GDPR Article 35
Guidelines on DPIA
Art. 35 GDPR - Data protection impact assessment - GDPR.eu
- Question List (123q)
- Question 1: According to the European Data Protection Board, which of th...
- Question 2: Since blockchain transactions are classified as pseudonymous...
- Question 3: SCENARIO Please use the following to answer the next questio...
- Question 4: SCENARIO Please use the following to answer the next questio...
- Question 5: Tanya is the Data Protection Officer for Curtains Inc., a GD...
- Question 6: The transparency principle is most directly related to which...
- Question 7: Under what circumstances would the GDPR apply to personal da...
- Question 8: SCENARIO Please use the following to answer the next questio...
- Question 9: Read the following steps: Discover which employees are acces...
- Question 10: What is true if an employee makes an access request to his e...
- Question 11: Which of the following is one of the supervisory authority's...
- Question 12: To provide evidence of GDPR compliance, a company performs a...
- Question 13: What is a reason the European Court of Justice declared the ...
- Question 14: What is the most frequently used mechanism for legitimizing ...
- Question 15: SCENARIO Please use the following to answer the next questio...
- Question 16: An unforeseen power outage results in company Z's lack of ac...
- Question 17: When is data sharing agreement MOST likely to be needed?...
- Question 18: Which of the following would NOT be relevant when determinin...
- Question 19: Which marketing-related activity is least likely to be cover...
- Question 20: Which of the following is NOT considered a fair processing p...
- Question 21: When does the GDPR provide more latitude for a company to pr...
- Question 22: Which change was introduced by the 2009 amendments to the e-...
- Question 23: SCENARIO Please use the following to answer the next questio...
- Question 24: Which area of privacy is a lead supervisory authority's (LSA...
- Question 25: MagicClean is a web-based service located in the United Stat...
- Question 26: Please use the following to answer the next question: Wonder...
- Question 27: Which of the following was the first to implement national l...
- Question 28: Which of the following Convention 108+ principles, as amende...
- Question 29: SCENARIO Please use the following to answer the next questio...
- Question 30: Which of the following entities would most likely be exempt ...
- Question 31: Which GDPR principle would a Spanish employer most likely de...
- Question 32: SCENARIO Please use the following to answer the next questio...
- Question 33: SCENARIO Please use the following to answer the next questio...
- Question 34: SCENARIO Please use the following to answer the next questio...
- Question 35: SCENARIO Please use the following to answer the next questio...
- Question 36: Which of the following is NOT exempt from the material scope...
- Question 37: Under the GDPR, which essential pieces of information must b...
- Question 38: SCENARIO Please use the following to answer the next questio...
- Question 39: What are the obligations of a processor that engages a sub-p...
- Question 40: SCENARIO Please use the following to answer the next questio...
- Question 41: SCENARIO Please use the following to answer the next questio...
- Question 42: What type of data lies beyond the scope of the General Data ...
- Question 43: Bioface is a company based in the United States. It has no s...
- Question 44: SCENARIO Please use the following to answer the next questio...
- Question 45: The GDPR specifies fines that may be levied against data con...
- Question 46: A company has collected personal data tor direct marketing p...
- Question 47: After detecting an intrusion involving the theft of unencryp...
- Question 48: SCENARIO Please use the following to answer the next questio...
- Question 49: Which of the following describes a mandatory requirement for...
- Question 50: A data controller appoints a data protection officer. Which ...
- Question 51: Based on GDPR Article 35, which of the following situations ...
- Question 52: Which statement provides an accurate description of a direct...
- Question 53: A homeowner has installed a motion-detecting surveillance sy...
- Question 54: For which of the following operations would an employer most...
- Question 55: SCENARIO Please use the following to answer the next questio...
- Question 56: SCENARIO Please use the following to answer the next questio...
- Question 57: When collecting personal data in a European Union (EU) membe...
- Question 58: What is the primary purpose of Convention 108+, which amends...
- Question 59: SCENARIO Please use the following to answer the next questio...
- Question 60: With the issue of consent, the GDPR allows member states som...
- Question 61: What permissions are required for a marketer to send an emai...
- Question 62: In which situation would a data controller most likely be ab...
- Question 63: It a company receives an anonymous email demanding ransom fo...
- Question 64: Which mechanism, new to the GDPR, now allows for the possibi...
- Question 65: SCENARIO Please use the following to answer the next questio...
- Question 66: When may browser settings be relied upon for the lawful appl...
- Question 67: Two companies, Gellcoat and Freifish, make plans to launch a...
- Question 68: Which sentence BEST summarizes the concepts of "fairness," "...
- Question 69: SCENARIO Please use the following to answer the next questio...
- Question 70: Which of the following is NOT an explicit right granted to d...
- Question 71: In the wake of the Schrems II ruling, which of the following...
- Question 72: SCENARIO Please use the following to answer the next questio...
- Question 73: SCENARIO Please use the following to answer the next questio...
- Question 74: How is the retention of communications traffic data for law ...
- Question 75: If two controllers act as joint controllers pursuant to Arti...
- Question 76: With respect to international transfers of personal data, th...
- Question 77: In addition to the European Commission, who can adopt standa...
- Question 78: SCENARIO Please use the following to answer the next questio...
- Question 79: A dynamic Internet Protocol (IP) address is considered perso...
- Question 80: How is the GDPR's position on consent MOST likely to affect ...
- Question 81: Which of the following would require designating a data prot...
- Question 82: Company X has entrusted the processing of their payroll data...
- Question 83: SCENARIO Please use the following to answer the next questio...
- Question 84: Which of the following demonstrates compliance with the acco...
- Question 85: Article 29 Working Party has emphasized that the GDPR forbid...
- Question 86: What is the key difference between the European Council and ...
- Question 87: SCENARIO Please use the following to answer the next questio...
- Question 88: SCENARIO Please use the following to answer the next questio...
- Question 89: SCENARIO Please use the following to answer the next questio...
- Question 90: SCENARIO Please use the following to answer the next questio...
- Question 91: Under the GDPR, where personal data is not obtained directly...
- Question 92: What was the aim of the European Data Protection Directive 9...
- Question 93: Which judicial body makes decisions on actions taken by indi...
- Question 94: SCENARIO Please use the following to answer the next questio...
- Question 95: According to Article 14 of the GDPR, how long does a control...
- Question 96: WP29's "Guidelines on Personal data breach notification unde...
- Question 97: SCENARIO Please use the following to answer the next questio...
- Question 98: SCENARIO Please use the following to answer the next questio...
- Question 99: To receive a preliminary interpretation on provisions of the...
- Question 100: Under the GDPR, who would be LEAST likely to be allowed to e...
- Question 101: Which of the following countries will continue to enjoy adeq...
- Question 102: SCENARIO Please use the following to answer the next questio...
- Question 103: An organisation receives a request multiple times from a dat...
- Question 104: SCENARIO Please use the following to answer the next questio...
- Question 105: SCENARIO Please use the following to answer the next questio...
- Question 106: An organization conducts body temperature checks as a part o...
- Question 107: In the event of a data breach, which type of information are...
- Question 108: The European Parliament jointly exercises legislative and bu...
- Question 109: SCENARIO Please use the following to answer the next questio...
- Question 110: SCENARIO Please use the following to answer the next questio...
- Question 111: SCENARIO Please use the following to answer the next questio...
- Question 112: Select the answer below that accurately completes the follow...
- Question 113: What was the main failing of Convention 108 that led to the ...
- Question 114: SCENARIO Please use the following to answer the next questio...
- Question 115: According to Art 23 GDPR, which of the following data subjec...
- Question 116: SCENARIO Please use the following to answer the next questio...
- Question 117: Under Article 9 of the GDPR, which of the following categori...
- Question 118: Which of the following is one of the supervisory authority's...
- Question 119: Pursuant to Article 17 and EDPB Guidelines S'2019 on RTBF cr...
- Question 120: Pursuant to Article 4(5) of the GDPR, data is considered "ps...
- Question 121: According to the E-Commerce Directive 2000/31/EC, where is t...
- Question 122: An entity's website stores text files on EU users' computer ...
- Question 123: What is the main task of the European Data Protection Board?...
