Which of the following is TRUE about the Data Protection Impact Assessment (DPIA) process as required under the General Data Protection Regulation (GDPR)?
A. The DPIA report must be published to demonstrate the transparency of the data processing.
B. The DPIA must include a description of the proposed processing operation and its purpose.
C. The DPIA result must be reported to the corresponding supervisory authority.
D. The DPIA is required if the processing activity entails risk to the rights and freedoms of an EU individual.
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
When developing a privacy program and selecting a program sponsor or "champion" the least important consideration should be that they?
A. Will be an effective advocate and understand the importance of privacy.
B. Have the authority to approve policy and provide funding.
C. Have accountability for the organization's privacy and/or information security, risk, compliance or legal decisions.
D. Are a part of the organization's top management
正解:D
質問 3:
In a mobile app for purchasing and selling concert tickets, users are prompted to create a personalized profile prior to engaging in transactions. Once registered, users can securely access their profiles within the app, empowering them to manage and modify personal data as needed.
Which foundational Privacy by Design (PbD) principle does this feature follow?
A. Full functionality - positive-sum, not zero-sum.
B. Proactive, not reactive; preventative, not remedial.
C. Respect for user privacy - keep it user-centric.
D. End-to-end security - full life cycle protection.
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
SCENARIO
Please use the following to answer the next QUESTION:
Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner, Anton, has found some degree of disorganization after touring the company headquarters. His uncle Henry had always focused on production - not data processing - and Anton is concerned. In several storage rooms, he has found paper files, disks, and old computers that appear to contain the personal data of current and former employees and customers. Anton knows that a single break-in could irrevocably damage the company's relationship with its loyal customers. He intends to set a goal of guaranteed zero loss of personal information.
To this end, Anton originally planned to place restrictions on who was admitted to the physical premises of the company. However, Kenneth - his uncle's vice president and longtime confidante - wants to hold off on Anton's idea in favor of converting any paper records held at the company to electronic storage. Kenneth believes this process would only take one or two years. Anton likes this idea; he envisions a password- protected system that only he and Kenneth can access.
Anton also plans to divest the company of most of its subsidiaries. Not only will this make his job easier, but it will simplify the management of the stored data. The heads of subsidiaries like the art gallery and kitchenware store down the street will be responsible for their own information management. Then, any unneeded subsidiary data still in Anton's possession can be destroyed within the next few years.
After learning of a recent security incident, Anton realizes that another crucial step will be notifying customers. Kenneth insists that two lost hard drives in Question are not cause for concern; all of the data was encrypted and not sensitive in nature. Anton does not want to take any chances, however. He intends on sending notice letters to all employees and customers to be safe.
Anton must also check for compliance with all legislative, regulatory, and market requirements related to privacy protection. Kenneth oversaw the development of the company's online presence about ten years ago, but Anton is not confident about his understanding of recent online marketing laws. Anton is assigning another trusted employee with a law background the task of the compliance assessment. After a thorough analysis, Anton knows the company should be safe for another five years, at which time he can order another check.
Documentation of this analysis will show auditors due diligence.
Anton has started down a long road toward improved management of the company, but he knows the effort is worth it. Anton wants his uncle's legacy to continue for many years to come.
Which of Anton's plans for improving the data management of the company is most unachievable?
A. His objective for zero loss of personal information.
B. His initiative to achieve regulatory compliance.
C. His intention to transition to electronic storage.
D. His intention to send notice letters to customers and employees.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Which item below best represents how a privacy group can effectively communicate with functional areas?
A. Work independently and share the knowledge with functional groups.
B. Monitor the responsibilities of managers who are responsible for the privacy of functional areas.
C. Choose a work unit representative and funnel all communications through that one person.
D. Work closely with functional areas by acting as both an advisor and an advocate.
正解:D
1419 お客様のコメント





杏さ** -
CIPMを受験しました。素晴らしい的中率でした。ありがとうございました。