- Home
- IAPP
- Certified Information Privacy Professional/Europe (CIPP/E)
- IAPP.CIPP-E.v2025-08-16.q131
- Question 75
Valid CIPP-E Dumps shared by ExamDiscuss.com for Helping Passing CIPP-E Exam! ExamDiscuss.com now offer the newest CIPP-E exam dumps, the ExamDiscuss.com CIPP-E exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CIPP-E dumps with Test Engine here:
Access CIPP-E Dumps Premium Version
(310 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 75/131
SCENARIO
Please use the following to answer the next question:
Sandy recently joined Market4U, an advertising technology company founded in 2016, as their VP of Privacy and Data Governance. Through her first initiative in conducting a data inventory, Sandy learned that Market4U maintains a list of 19 million global contacts that were collected throughout the course of Market4U's existence. Knowing the risk of having such a large amount of data, Sandy wanted to purge all contacts that were entered into Market4U's systems prior to May 2018, unless such contacts had a more recent interaction with Market4U content. However, Dan, the VP of Sales, informed Sandy that all of the contacts provide useful information regarding successful marketing campaigns and trends in industry verticals for Market4U's clients.
Dan also informed Sandy that he had wanted to focus on gaining more customers within the sports and entertainment industry. To assist with this behavior, Market4U's marketing team decided to add several new fields to Market4U's website forms, including forms for downloading white papers, creating accounts to participate in Market4U's forum, and attending events. Such fields include birth date and salary.
What should Sandy give as feedback to Dan and the marketing team regarding the new fields Dan wants to add to Market4U's forms?
Please use the following to answer the next question:
Sandy recently joined Market4U, an advertising technology company founded in 2016, as their VP of Privacy and Data Governance. Through her first initiative in conducting a data inventory, Sandy learned that Market4U maintains a list of 19 million global contacts that were collected throughout the course of Market4U's existence. Knowing the risk of having such a large amount of data, Sandy wanted to purge all contacts that were entered into Market4U's systems prior to May 2018, unless such contacts had a more recent interaction with Market4U content. However, Dan, the VP of Sales, informed Sandy that all of the contacts provide useful information regarding successful marketing campaigns and trends in industry verticals for Market4U's clients.
Dan also informed Sandy that he had wanted to focus on gaining more customers within the sports and entertainment industry. To assist with this behavior, Market4U's marketing team decided to add several new fields to Market4U's website forms, including forms for downloading white papers, creating accounts to participate in Market4U's forum, and attending events. Such fields include birth date and salary.
What should Sandy give as feedback to Dan and the marketing team regarding the new fields Dan wants to add to Market4U's forms?
Correct Answer: D
Sandy should give this feedback to Dan and the marketing team, as it reflects the principle of data minimization, which requires that personal data collected must be adequate, relevant and limited to what is necessary for the purposes of the processing1. Collecting birth date and salary information from customers who want to download white papers or register for events is not necessary for those purposes, and may pose risks for data protection and security. Moreover, such information may fall under the category of special data, which requires explicit consent from the data subjects and can only be processed under certain conditions2. The other options do not comply with the principle of data minimization, as they still involve collecting more data than needed, even if they are optional or in brackets. Reference:
Free CIPP/E Study Guide, page 23, section 3.1
CIPP/E Certification, page 18, section 3.1
The Ultimate CIPP/E Study Guide for 2023, page 16, section 3.1
Principles - General Data Protection Regulation (GDPR), Article 5
Special categories of personal data - General Data Protection Regulation (GDPR), Article 9
Free CIPP/E Study Guide, page 23, section 3.1
CIPP/E Certification, page 18, section 3.1
The Ultimate CIPP/E Study Guide for 2023, page 16, section 3.1
Principles - General Data Protection Regulation (GDPR), Article 5
Special categories of personal data - General Data Protection Regulation (GDPR), Article 9
- Question List (131q)
- Question 1: SCENARIO Please use the following to answer the next questio...
- Question 2: It a company receives an anonymous email demanding ransom fo...
- Question 3: If a multi-national company wanted to conduct background che...
- Question 4: If a company is planning to use closed-circuit television (C...
- Question 5: As per the GDPR, which legal basis would be the most appropr...
- Question 6: How is the GDPR's position on consent MOST likely to affect ...
- Question 7: After leaving the EU under the terms of Brexit, the United K...
- Question 8: Under the GDPR, which essential pieces of information must b...
- Question 9: Which mechanism, introduced by the GDPR as a means of ensuri...
- Question 10: With the issue of consent, the GDPR allows member states som...
- Question 11: Which of the following is NOT recognized as a common charact...
- Question 12: SCENARIO Please use the following to answer the next questio...
- Question 13: Which of the following was the first to implement national l...
- Question 14: What is true if an employee makes an access request to his e...
- Question 15: How does the GDPR now define "processing"?...
- Question 16: What is the main task of the European Data Protection Board?...
- Question 17: SCENARIO Please use the following to answer the next questio...
- Question 18: SCENARIO Please use the following to answer the next questio...
- Question 19: According to Article 84 of the GDPR, the rules on penalties ...
- Question 20: Company X has entrusted the processing of their payroll data...
- Question 21: What is the key difference between the European Council and ...
- Question 22: SCENARIO Please use the following to answer the next questio...
- Question 23: Which of the following demonstrates compliance with the acco...
- Question 24: Which of the following describes a mandatory requirement for...
- Question 25: Which of the following countries will continue to enjoy adeq...
- Question 26: A worker in a European Union (EU) member state has ceased hi...
- Question 27: Which of the following is an accurate statement regarding th...
- Question 28: SCENARIO Please use the following to answer the next questio...
- Question 29: SCENARIO Please use the following to answer the next questio...
- Question 30: You are the new Data Protection Officer for your company and...
- Question 31: SCENARIO Please use the following to answer the next questio...
- Question 32: SCENARIO Please use the following to answer the next questio...
- Question 33: What term BEST describes the European model for data protect...
- Question 34: Under Article 21 of the GDPR, a controller must stop profili...
- Question 35: A news website based m (he United Slates reports primarily o...
- Question 36: Under what circumstances might the "soft opt-in" rule apply ...
- Question 37: A Spanish electricity customer calls her local supplier with...
- Question 38: SCENARIO Please use the following to answer the next questio...
- Question 39: Read the following steps: Discover which employees are acces...
- Question 40: Through a combination of hardware failure and human error, t...
- Question 41: Start-up company MagicAI is developing an AI system that wil...
- Question 42: SCENARIO Please use the following to answer the next questio...
- Question 43: A mobile device application that uses cookies will be subjec...
- Question 44: The EDPB's Guidelines 8/2020 on the targeting of social medi...
- Question 45: SCENARIO Please use the following to answer the next questio...
- Question 46: Which change was introduced by the 2009 amendments to the e-...
- Question 47: What are the obligations of a processor that engages a sub-p...
- Question 48: The Planet 49 CJEU Judgement applies to?...
- Question 49: SCENARIO Please use the following to answer the next questio...
- Question 50: Under which of the following conditions does the General Dat...
- Question 51: A well-known video production company, based in Spain but sp...
- Question 52: To provide evidence of GDPR compliance, a company performs a...
- Question 53: Sanctions for non-compliance with the EU Artificial Intellig...
- Question 54: Which of the following is NOT one of the 4 principles develo...
- Question 55: What is an important difference between the European Court o...
- Question 56: Under the GDPR, who would be LEAST likely to be allowed to e...
- Question 57: Since blockchain transactions are classified as pseudonymous...
- Question 58: What obligation does a data controller or processor have aft...
- Question 59: SCENARIO Please use the following to answer the next questio...
- Question 60: SCENARIO Please use the following to answer the next questio...
- Question 61: Which aspect of the GDPR will likely have the most impact on...
- Question 62: What was the main failing of Convention 108 that led to the ...
- Question 63: SCENARIO Please use the following to answer the next questio...
- Question 64: Articles 13 and 14 of the GDPR provide details on the obliga...
- Question 65: SCENARIO Please use the following to answer the next questio...
- Question 66: With respect to international transfers of personal data, th...
- Question 67: Why is advisable to avoid consent as a legal basis for an em...
- Question 68: WP29's "Guidelines on Personal data breach notification unde...
- Question 69: Under the Data Protection Law Enforcement Directive of the E...
- Question 70: Article 9 of the GDPR lists exceptions to the general prohib...
- Question 71: Which of the following was the first legally binding interna...
- Question 72: SCENARIO Please use the following to answer the next questio...
- Question 73: What ruling did the Planet 49 CJEU judgment make regarding t...
- Question 74: Which GDPR principle would a Spanish employer most likely de...
- Question 75: SCENARIO Please use the following to answer the next questio...
- Question 76: SCENARIO Please use the following to answer the next questio...
- Question 77: Please use the following to answer the next question: Wonder...
- Question 78: SCENARIO Please use the following to answer the next questio...
- Question 79: SCENARIO Please use the following to answer the next questio...
- Question 80: SCENARIO Please use the following to answer the next questio...
- Question 81: SCENARIO Please use the following to answer the next questio...
- Question 82: Data retention in the EU was underpinned by a legal framewor...
- Question 83: Jerry the Chief Marketing Officer for a sports apparel and t...
- Question 84: Which of the following is NOT recognized as being a common c...
- Question 85: There are three domains of security covered by Article 32 of...
- Question 86: What must a data controller do in order to make personal dat...
- Question 87: A multinational company is appointing a mandatory data prote...
- Question 88: How is the retention of communications traffic data for law ...
- Question 89: Under the GDPR, which of the following is true in regard to ...
- Question 90: SCENARIO Please use the following to answer the next questio...
- Question 91: Which institution has the power to adopt findings that confi...
- Question 92: An employee of company ABCD has just noticed a memory stick ...
- Question 93: When does the GDPR provide more latitude for a company to pr...
- Question 94: Which type of personal data does the GDPR define as a "speci...
- Question 95: If two controllers act as joint controllers pursuant to Arti...
- Question 96: What should a controller do after a data subject opts out of...
- Question 97: SCENARIO Please use the following to answer the next questio...
- Question 98: SCENARIO Please use the following to answer the next questio...
- Question 99: Which statement is correct when considering the right to pri...
- Question 100: SCENARIO Please use the following to answer the next questio...
- Question 101: If a multi-national company wanted to conduct background che...
- Question 102: SCENARIO Please use the following to answer the next questio...
- Question 103: When collecting personal data in a European Union (EU) membe...
- Question 104: SCENARIO Please use the following to answer the next questio...
- Question 105: In the Planet 49 case, what was the main judgement of the Co...
- Question 106: SCENARIO Please use the following to answer the next questio...
- Question 107: Which area of privacy is a lead supervisory authority's (LSA...
- Question 108: What is true of both the General Data Protection Regulation ...
- Question 109: SCENARIO Please use the following to answer the next questio...
- Question 110: Article 58 of the GDPR describes the power of supervisory au...
- Question 111: Which statement provides an accurate description of a direct...
- Question 112: Once an organization has conducted an internal investigation...
- Question 113: Which of the following would most likely NOT be covered by t...
- Question 114: Since blockchain transactions are classified as pseudonymous...
- Question 115: SCENARIO Please use the following to answer the next questio...
- Question 116: SCENARIO Please use the following to answer the next questio...
- Question 117: Many businesses print their employees' photographs on buildi...
- Question 118: SCENARIO Please use the following to answer the next questio...
- Question 119: SCENARIO Please use the following to answer the next questio...
- Question 120: The origin of privacy as a fundamental human right can be fo...
- Question 121: Which judicial body makes decisions on actions taken by indi...
- Question 122: SCENARIO Please use the following to answer the next questio...
- Question 123: Bioface is a company based in the United States. It has no s...
- Question 124: The GDPR specifies fines that may be levied against data con...
- Question 125: In addition to the European Commission, who can adopt standa...
- Question 126: A company plans to transfer employee health information betw...
- Question 127: SCENARIO Please use the following to answer the next questio...
- Question 128: SCENARIO Please use the following to answer the next questio...
- Question 129: A data controller appoints a data protection officer. Which ...
- Question 130: Which of the following Convention 108+ principles, as amende...
- Question 131: A homeowner has installed a motion-detecting surveillance sy...
