- Home
- IAPP
- Certified Information Privacy Professional/Europe (CIPP/E)
- IAPP.CIPP-E.v2024-06-20.q123
- Question 100
Valid CIPP-E Dumps shared by ExamDiscuss.com for Helping Passing CIPP-E Exam! ExamDiscuss.com now offer the newest CIPP-E exam dumps, the ExamDiscuss.com CIPP-E exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CIPP-E dumps with Test Engine here:
Access CIPP-E Dumps Premium Version
(298 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 100/123
Under the GDPR, who would be LEAST likely to be allowed to engage in the collection, use, and disclosure of a data subject's sensitive medical information without the data subject's knowledge or consent?
Correct Answer: D
The GDPR defines data concerning health as a special category of personal data that is subject to specific processing conditions and safeguards. The GDPR prohibits the processing of such data unless one of the exceptions in Article 9 applies. One of these exceptions is the explicit consent of the data subject, which means that the data subject has given a clear and affirmative indication of their agreement to the processing of their health data. Another exception is when the processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care. A third exception is when the processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services. These exceptions are based on the principle of necessity, which means that the processing must be strictly necessary for a specific purpose and cannot be achieved by other means.
In the given scenario, the journalist does not fall under any of these exceptions. The journalist is not a health professional, a public authority, or a person who has obtained the explicit consent of the data subject. The journalist is not processing the data for any legitimate purpose related to public health, medical care, or social protection. The journalist is merely pursuing their own interest in publishing a story that may or may not be in the public interest. The journalist is not respecting the data subject's rights and freedoms, especially their right to privacy and confidentiality. Therefore, the journalist would be least likely to be allowed to engage in the collection, use, and disclosure of the data subject's sensitive medical information without their knowledge or consent. Reference:
Article 4 (15) and Article 9 of the GDPR
Health data | ICO
What does the GDPR mean for personal data in medical reports?
Sensitive data and medical confidentiality - FutureLearn
Health data and data privacy: storing sensitive data under GDPR
In the given scenario, the journalist does not fall under any of these exceptions. The journalist is not a health professional, a public authority, or a person who has obtained the explicit consent of the data subject. The journalist is not processing the data for any legitimate purpose related to public health, medical care, or social protection. The journalist is merely pursuing their own interest in publishing a story that may or may not be in the public interest. The journalist is not respecting the data subject's rights and freedoms, especially their right to privacy and confidentiality. Therefore, the journalist would be least likely to be allowed to engage in the collection, use, and disclosure of the data subject's sensitive medical information without their knowledge or consent. Reference:
Article 4 (15) and Article 9 of the GDPR
Health data | ICO
What does the GDPR mean for personal data in medical reports?
Sensitive data and medical confidentiality - FutureLearn
Health data and data privacy: storing sensitive data under GDPR
- Question List (123q)
- Question 1: According to the European Data Protection Board, which of th...
- Question 2: Since blockchain transactions are classified as pseudonymous...
- Question 3: SCENARIO Please use the following to answer the next questio...
- Question 4: SCENARIO Please use the following to answer the next questio...
- Question 5: Tanya is the Data Protection Officer for Curtains Inc., a GD...
- Question 6: The transparency principle is most directly related to which...
- Question 7: Under what circumstances would the GDPR apply to personal da...
- Question 8: SCENARIO Please use the following to answer the next questio...
- Question 9: Read the following steps: Discover which employees are acces...
- Question 10: What is true if an employee makes an access request to his e...
- Question 11: Which of the following is one of the supervisory authority's...
- Question 12: To provide evidence of GDPR compliance, a company performs a...
- Question 13: What is a reason the European Court of Justice declared the ...
- Question 14: What is the most frequently used mechanism for legitimizing ...
- Question 15: SCENARIO Please use the following to answer the next questio...
- Question 16: An unforeseen power outage results in company Z's lack of ac...
- Question 17: When is data sharing agreement MOST likely to be needed?...
- Question 18: Which of the following would NOT be relevant when determinin...
- Question 19: Which marketing-related activity is least likely to be cover...
- Question 20: Which of the following is NOT considered a fair processing p...
- Question 21: When does the GDPR provide more latitude for a company to pr...
- Question 22: Which change was introduced by the 2009 amendments to the e-...
- Question 23: SCENARIO Please use the following to answer the next questio...
- Question 24: Which area of privacy is a lead supervisory authority's (LSA...
- Question 25: MagicClean is a web-based service located in the United Stat...
- Question 26: Please use the following to answer the next question: Wonder...
- Question 27: Which of the following was the first to implement national l...
- Question 28: Which of the following Convention 108+ principles, as amende...
- Question 29: SCENARIO Please use the following to answer the next questio...
- Question 30: Which of the following entities would most likely be exempt ...
- Question 31: Which GDPR principle would a Spanish employer most likely de...
- Question 32: SCENARIO Please use the following to answer the next questio...
- Question 33: SCENARIO Please use the following to answer the next questio...
- Question 34: SCENARIO Please use the following to answer the next questio...
- Question 35: SCENARIO Please use the following to answer the next questio...
- Question 36: Which of the following is NOT exempt from the material scope...
- Question 37: Under the GDPR, which essential pieces of information must b...
- Question 38: SCENARIO Please use the following to answer the next questio...
- Question 39: What are the obligations of a processor that engages a sub-p...
- Question 40: SCENARIO Please use the following to answer the next questio...
- Question 41: SCENARIO Please use the following to answer the next questio...
- Question 42: What type of data lies beyond the scope of the General Data ...
- Question 43: Bioface is a company based in the United States. It has no s...
- Question 44: SCENARIO Please use the following to answer the next questio...
- Question 45: The GDPR specifies fines that may be levied against data con...
- Question 46: A company has collected personal data tor direct marketing p...
- Question 47: After detecting an intrusion involving the theft of unencryp...
- Question 48: SCENARIO Please use the following to answer the next questio...
- Question 49: Which of the following describes a mandatory requirement for...
- Question 50: A data controller appoints a data protection officer. Which ...
- Question 51: Based on GDPR Article 35, which of the following situations ...
- Question 52: Which statement provides an accurate description of a direct...
- Question 53: A homeowner has installed a motion-detecting surveillance sy...
- Question 54: For which of the following operations would an employer most...
- Question 55: SCENARIO Please use the following to answer the next questio...
- Question 56: SCENARIO Please use the following to answer the next questio...
- Question 57: When collecting personal data in a European Union (EU) membe...
- Question 58: What is the primary purpose of Convention 108+, which amends...
- Question 59: SCENARIO Please use the following to answer the next questio...
- Question 60: With the issue of consent, the GDPR allows member states som...
- Question 61: What permissions are required for a marketer to send an emai...
- Question 62: In which situation would a data controller most likely be ab...
- Question 63: It a company receives an anonymous email demanding ransom fo...
- Question 64: Which mechanism, new to the GDPR, now allows for the possibi...
- Question 65: SCENARIO Please use the following to answer the next questio...
- Question 66: When may browser settings be relied upon for the lawful appl...
- Question 67: Two companies, Gellcoat and Freifish, make plans to launch a...
- Question 68: Which sentence BEST summarizes the concepts of "fairness," "...
- Question 69: SCENARIO Please use the following to answer the next questio...
- Question 70: Which of the following is NOT an explicit right granted to d...
- Question 71: In the wake of the Schrems II ruling, which of the following...
- Question 72: SCENARIO Please use the following to answer the next questio...
- Question 73: SCENARIO Please use the following to answer the next questio...
- Question 74: How is the retention of communications traffic data for law ...
- Question 75: If two controllers act as joint controllers pursuant to Arti...
- Question 76: With respect to international transfers of personal data, th...
- Question 77: In addition to the European Commission, who can adopt standa...
- Question 78: SCENARIO Please use the following to answer the next questio...
- Question 79: A dynamic Internet Protocol (IP) address is considered perso...
- Question 80: How is the GDPR's position on consent MOST likely to affect ...
- Question 81: Which of the following would require designating a data prot...
- Question 82: Company X has entrusted the processing of their payroll data...
- Question 83: SCENARIO Please use the following to answer the next questio...
- Question 84: Which of the following demonstrates compliance with the acco...
- Question 85: Article 29 Working Party has emphasized that the GDPR forbid...
- Question 86: What is the key difference between the European Council and ...
- Question 87: SCENARIO Please use the following to answer the next questio...
- Question 88: SCENARIO Please use the following to answer the next questio...
- Question 89: SCENARIO Please use the following to answer the next questio...
- Question 90: SCENARIO Please use the following to answer the next questio...
- Question 91: Under the GDPR, where personal data is not obtained directly...
- Question 92: What was the aim of the European Data Protection Directive 9...
- Question 93: Which judicial body makes decisions on actions taken by indi...
- Question 94: SCENARIO Please use the following to answer the next questio...
- Question 95: According to Article 14 of the GDPR, how long does a control...
- Question 96: WP29's "Guidelines on Personal data breach notification unde...
- Question 97: SCENARIO Please use the following to answer the next questio...
- Question 98: SCENARIO Please use the following to answer the next questio...
- Question 99: To receive a preliminary interpretation on provisions of the...
- Question 100: Under the GDPR, who would be LEAST likely to be allowed to e...
- Question 101: Which of the following countries will continue to enjoy adeq...
- Question 102: SCENARIO Please use the following to answer the next questio...
- Question 103: An organisation receives a request multiple times from a dat...
- Question 104: SCENARIO Please use the following to answer the next questio...
- Question 105: SCENARIO Please use the following to answer the next questio...
- Question 106: An organization conducts body temperature checks as a part o...
- Question 107: In the event of a data breach, which type of information are...
- Question 108: The European Parliament jointly exercises legislative and bu...
- Question 109: SCENARIO Please use the following to answer the next questio...
- Question 110: SCENARIO Please use the following to answer the next questio...
- Question 111: SCENARIO Please use the following to answer the next questio...
- Question 112: Select the answer below that accurately completes the follow...
- Question 113: What was the main failing of Convention 108 that led to the ...
- Question 114: SCENARIO Please use the following to answer the next questio...
- Question 115: According to Art 23 GDPR, which of the following data subjec...
- Question 116: SCENARIO Please use the following to answer the next questio...
- Question 117: Under Article 9 of the GDPR, which of the following categori...
- Question 118: Which of the following is one of the supervisory authority's...
- Question 119: Pursuant to Article 17 and EDPB Guidelines S'2019 on RTBF cr...
- Question 120: Pursuant to Article 4(5) of the GDPR, data is considered "ps...
- Question 121: According to the E-Commerce Directive 2000/31/EC, where is t...
- Question 122: An entity's website stores text files on EU users' computer ...
- Question 123: What is the main task of the European Data Protection Board?...
