The European Data Protection Board (EDPB) recommends measures to supplement transfer tools, in order to ensure compliance with the European Union (EU) level of personal data protection. According to these recommendations, what additional actions should be taken when a transfer to a third country is based upon an adequacy decision?
A. Monitor changes in the law or practice of the third country that would tower the level of protection of personal data
B. Monitor the ongoing validity of the data transfer mechanism.
C. Adopt a supplementary data transfer mechanism.
D. Adopt technical, contractual or organizational supplementary measures.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
According to Art 23 GDPR, which of the following data subject rights can NOT be restricted?
A. Right to lodge a complaint with a supervisory authority.
B. Right to restriction of processing.
C. Right not to be subject to automated individual decision-making
D. Right to erasure ("Right to be forgotten").
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
A German data subject was the victim of an embarrassing prank 20 years ago. A newspaper website published an article about the prank at the time, and the article is still available on the newspaper's website.
Unfortunately, the prank is the top search result when a user searches on the victim's name. The data subject requests that SearchCo delist this result. SearchCo agrees, and instructs its technology team to avoid scanning or indexing the article. What else must SearchCo do?
A. Identify other controllers who are processing the same information and inform them of the delisting request.
B. Notify the newspaper that its article it is delisting the article.
C. Fully erase the URL to the content, as opposed to delist which is mainly based on data subject's name.
D. Prevent the article from being listed in search results no matter what search terms are entered into the search engine.
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
It a company receives an anonymous email demanding ransom for the stolen personal data of its clients, what must the company do next, per GDPR requirements'3
A. Send an email about the incident to all clients and ask them to change their passwords
B. Start an investigation to understand the incident's possible scope, duration and nature
C. Send a notification to the competent supervisory authority describing the incident.
D. Notify the police and Tile a criminal complaint about the incident
正解:C
質問 5:
When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?
A. Maintaining evidence that the processor was the best possible market choice available.
B. Conducting a risk assessment to analyze possible outsourcing threats.
C. Requiring that the processor directly notify the appropriate supervisory authority.
D. Documenting due diligence steps taken in the pre-contractual stage.
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
Kobayashi -
このCIPP-E問題集の品質に非常に感謝しています。 CIPP-USを購入して再度受験します