
IAPP CIPP-Eリアル試験問題テストエンジン問題集トレーニングには252問あります
CIPP-E実際の問題解答PDFには100%カバー率リアル試験問題
CIPP-E認定試験は、一般的なデータ保護規則(GDPR)、Eprivacy指令、EU-U.Sなど、幅広いトピックをカバーしています。プライバシーシールド。この試験では、データの最小化、目的の制限、データの精度など、データ保護の基本原則も対象としています。候補者は、これらの原則と、それらがさまざまな産業や組織にどのように適用するかについての深い理解を示す必要があります。
質問 # 122
Article 58 of the GDPR describes the power of supervisory authorities. Which of the following is NOT among those granted?
- A. Corrective powers.
- B. Authorization and advisory powers.
- C. Investigatory powers.
- D. Legislative powers.
正解:D
解説:
Reference https://www.privacy-regulation.eu/en/article-58-powers-GDPR.htm
質問 # 123
What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?
- A. ECHR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot.
- B. CJEU can hear appeals on human rights decisions made by national courts, while the ECHR cannot.
- C. ECHR can enforce human rights laws against governments that fail to implement them, while the CJEU cannot.
- D. CJEU can force national governments to implement and honor EU law, while the ECHR cannot.
正解:D
質問 # 124
Which area of privacy is a lead supervisory authority's (LSA) MAIN concern?
- A. Data access disputes
- B. Data subject rights
- C. Special categories of data
- D. Cross-border processing
正解:D
解説:
Reference https://iapp.org/news/a/is-it-possible-to-choose-your-lead-supervisory-authority-under-the-gdpr/
質問 # 125
Which of the following countries will continue to enjoy adequacy status under the GDPR, pending any future European Commission decision to the contrary?
- A. Australia
- B. Switzerland
- C. Norway
- D. Greece
正解:B
質問 # 126
SCENARIO
Please use the following to answer the next question:
Louis, a long-time customer of Bedrock Insurance, was involved in a minor car accident a few months ago. Although no one was hurt, Louis has been plagued by texts and calls from a company called Accidentable offering to help him recover compensation for personal injury. Louis has heard about insurance companies selling customers' data to third parties, and he's convinced that Accidentable must have gotten his information from Bedrock Insurance.
Louis has also been receiving an increased amount of marketing information from Bedrock, trying to sell him their full range of their insurance policies.
Perturbed by this, Louis has started looking at price comparison sites on the internet and has been shocked to find that other insurers offer much cheaper rates than Bedrock, even though he has been a loyal customer for many years. When his Bedrock policy comes up for renewal, he decides to switch to Zantrum Insurance.
In order to activate his new insurance policy, Louis needs to supply Zantrum with information about his No Claims bonus, his vehicle and his driving history. After researching his rights under the GDPR, he writes to ask Bedrock to transfer his information directly to Zantrum. He also takes this opportunity to ask Bedrock to stop using his personal data for marketing purposes.
Bedrock supplies Louis with a PDF and XML (Extensible Markup Language) versions of his No Claims Certificate, but tells Louis it cannot transfer his data directly to Zantrum as this is not technically feasible. Bedrock also explains that Louis's contract included a provision whereby Louis agreed that his data could be used for marketing purposes; according to Bedrock, it is too late for Louis to change his mind about this. It angers Louis when he recalls the wording of the contract, which was filled with legal jargon and very confusing.
In the meantime, Louis is still receiving unwanted calls from Accidentable Insurance. He writes to Accidentable to ask for the name of the organization that supplied his details to them. He warns Accidentable that he plans to complain to the data protection authority, because he thinks their company has been using his data unlawfully. His letter states that he does not want his data being used by them in any way.
Accidentable's response letter confirms Louis's suspicions. Accidentable is Bedrock Insurance's wholly owned subsidiary, and they received information about Louis's accident from Bedrock shortly after Louis submitted his accident claim. Accidentable assures Louis that there has been no breach of the GDPR, as Louis's contract included, a provision in which he agreed to share his information with Bedrock's affiliates for business purposes.
Louis is disgusted by the way in which he has been treated by Bedrock, and writes to them insisting that all his information be erased from their computer system.
After Louis has exercised his right to restrict the use of his data, under what conditions would Accidentable have grounds for refusing to comply?
- A. If Accidentable is entitled to use of the data as an affiliate of Bedrock.
- B. If the data becomes necessary to defend Accidentable's legal rights.
- C. If Accidentable also uses the data to conduct public health research.
- D. If the accuracy of the data is not an aspect that Louis is disputing.
正解:A
質問 # 127
Which of the following was the first to implement national law for data protection in 1973?
- A. France
- B. Sweden
- C. United Kingdom
- D. Germany
正解:B
質問 # 128
In which case would a controller who has undertaken a DPIA most likely need to consult with a supervisory authority?
- A. Where the DPIA identifies high risks to individuals' rights and freedoms that the controller can take steps to reduce.
- B. Where the DPIA identifies risks that will require insurance for protecting its business interests.
- C. Where the DPIA identifies that personal data needs to be transferred to other countries outside of the EEA.
- D. Where the DPIA identifies that the processing being proposed collects the sensitive data of EU citizens.
正解:A
質問 # 129
What is true if an employee makes an access request to his employer for any personal data held about him?
- A. The employer can automatically decline the request if it contains personal data about a third person.
- B. The employer can decline the request if the information is only held electronically.
- C. The employer must supply all the information held about the employee.
- D. The employer must supply any information held about an employee unless an exemption applies.
正解:D
質問 # 130
In which of the following cases would an organization MOST LIKELY be required to follow both ePrivacy and data protection rules?
- A. When calling a potential customer to notify her of an upcoming product sale.
- B. When creating an untargeted pop-up ad on a website.
- C. When paying a search engine company to give prominence to certain products and services within specific search results.
- D. When emailing a customer to announce that his recent order should arrive earlier than expected.
正解:D
解説:
Reference https://www.privacytrust.com/guidance/gdpr-vs-eprivacy-regulation.html
質問 # 131
According to the GDPR, how is pseudonymous personal data defined?
- A. Data that has been encrypted or is subject to other technical safeguards.
- B. Data that can no longer be attributed to a specific data subject, with no possibility of re-identifying the data.
- C. Data that has been rendered anonymous in such a manner that the data subject is no longer identifiable.
- D. Data that can no longer be attributed to a specific data subject without the use of additional information kept separately.
正解:D
質問 # 132
Which sentence BEST summarizes the concepts of "fairness," "lawfulness" and "transparency", as expressly required by Article 5 of the GDPR?
- A. Fairness refers to the security of personal data; lawfulness and transparency refers to the analysis of ordinances to ensure they are uniformly enforced.
- B. Fairness and transparency refer to the communication of key information before collecting data; lawfulness refers to compliance with government regulations.
- C. Fairness refers to the collection of data from diverse subjects; lawfulness refers to the need for legal rules to be uniform; transparency refers to giving individuals access to their data.
- D. Fairness refers to limiting the amount of data collected from individuals; lawfulness refers to the approval of company guidelines by the state; transparency solely relates to communication of key information before collecting data.
正解:B
質問 # 133
Which of the following is one of the supervisory authority's investigative powers?
- A. To require that controllers or processors adopt approved data protection certification mechanisms.
- B. To notify the controller or the processor of an alleged infringement of the GDPR.
- C. To require data controllers to provide them with written notification of all new processing activities.
- D. To determine whether a controller or processor has the right to a judicial remedy concerning a compensation decision made against them.
正解:B
質問 # 134
SCENARIO
Please use the following to answer the next question:
Sandy recently joined Market4U, an advertising technology company founded in 2016, as their VP of Privacy and Data Governance. Through her first initiative in conducting a data inventory, Sandy learned that Market4U maintains a list of 19 million global contacts that were collected throughout the course of Market4U's existence. Knowing the risk of having such a large amount of data, Sandy wanted to purge all contacts that were entered into Market4U's systems prior to May 2018, unless such contacts had a more recent interaction with Market4U content. However, Dan, the VP of Sales, informed Sandy that all of the contacts provide useful information regarding successful marketing campaigns and trends in industry verticals for Market4U's clients.
Dan also informed Sandy that he had wanted to focus on gaining more customers within the sports and entertainment industry. To assist with this behavior, Market4U's marketing team decided to add several new fields to Market4U's website forms, including forms for downloading white papers, creating accounts to participate in Market4U's forum, and attending events. Such fields include birth date and salary.
What should Sandy give as feedback to Dan and the marketing team regarding the new fields Dan wants to add to Market4U's forms?
- A. Only request the information in brackets (i.e., age group and salary range).
- B. Eliminate the fields, as they are not proportional to the services being offered.
- C. Eliminate the fields as they are not necessary for the purposes of providing white papers or registration for events.
- D. Make all the fields optional.
正解:C
質問 # 135
Which kind of privacy notice, originally advocated by the Article 29 Working Party, is commonly recommended tor Al-based technologies because of the way it provides processing information at specific points of data collection?
- A. Just-in-lime notice.
- B. Layered notice.
- C. Privacy dashboard notice
- D. Visualization notice.
正解:C
質問 # 136
Under the GDPR, which essential pieces of information must be provided to data subjects before collecting their personal data?
- A. The authority by which the controller is collecting the data and the third parties to whom the data will be sent.
- B. The identity and contact details of the controller and the reasons the data is being collected.
- C. The name/s of relevant government agencies involved and the steps needed for revising the data.
- D. The contact information of the controller and a description of the retention policy.
正解:B
質問 # 137
Please use the following to answer the next question:
ProStorage is a multinational cloud storage provider headquartered in the Netherlands. Its CEO. Ruth Brown, has developed a two-pronged strategy for growth: 1) expand ProStorage s global customer base and 2) increase ProStorage's sales force by efficiently onboarding effective teams. Enacting this strategy has recently been complicated by Ruth's health condition, which has limited her working hours, as well as her ability to travel to meet potential customers. ProStorage's Human Resources department and Ruth's Chief of Staff now work together to manage her schedule and ensure that she is able to make all her medical appointments The latter has become especially crucial after Ruth's last trip to India, where she suffered a medical emergency and was hospitalized m New Delhi Unable to reach Ruths family, the hospital reached out to ProStorage and was able to connect with her Chief of Staff, who in coordination with Mary, the head of HR. provided information to the doctors based on accommodate on requests Ruth made when she started a: ProStorage What transfer mechanism should Jackie recommend for using InstaHR?
- A. Binding corporate rules.
- B. Standard contractual clauses
- C. Adequacy
- D. Explicit consent of employees.
正解:D
質問 # 138
Please use the following to answer the next question:
WonderkKids provides an online booking service for childcare. Wonderkids is based in France, but hosts its website through a company in Switzerland. As part of their service, WonderKids will pass all personal data provided to them to the childcare provider booked through their system. The type of personal data collected on the website includes the name of the person booking the childcare, address and contact details, as well as information about the children to be cared for including name, age, gender and health information. The privacy statement on Wonderkids' website states the following:
"WonderkKids provides the information you disclose to us through this website to your childcare provider for scheduling and health and safety reasons. We may also use your and your child's personal information for our own legitimate business purposes and we employ a third-party website hosting company located in Switzerland to store the dat a. Any data stored on equipment located in Switzerland meets the European Commission provisions for guaranteeing adequate safeguards for you and your child's personal information. We will only share you and your child's personal information with businesses that we see as adding real value to you. By providing us with any personal data, you consent to its transfer to affiliated businesses and to send you promotional offers."
"We may retain you and your child's personal information for no more than 28 days, at which point the data will be depersonalized, unless your personal information is being used for a legitimate business purpose beyond 28 days where it may be retained for up to 2 years."
"We are processing you and your child's personal information with your consent. If you choose not to provide certain information to us, you may not be able to use our services. You have the right to: request access to you and your child's personal information; rectify or erase you or your child's personal information; the right to correction or erasure of you and/or your child's personal information; object to any processing of you and your child's personal information. You also have the right to complain to the supervisory authority about our data processing activities." What direct marketing information can WonderKids send by email without prior consent of the person booking the childcare?
- A. Marketing information related to other business operations of WonderKids.
- B. No marketing information at all.
- C. Any marketing information at all.
- D. Marketing information for products or services similar to those purchased from WonderKids.
正解:A
質問 # 139
Please use the following to answer the next question:
Jack worked as a Pharmacovigiliance Operations Specialist in the Irish office of a multinational pharmaceutical company on a clinical trial related to COVID-19. As part of his onboarding process Jack received privacy training He was explicitly informed that while he would need to process confidential patient data in the course of his work, he may under no circumstances use this data for anything other than the performance of work-related (asks This was also specified in the privacy policy, which Jack signed upon conclusion of the training.
After several months of employment, Jack got into an argument with a patient over the phone. Out of anger he later posted the patient's name and hearth information, along with disparaging comments, on a social media website. When this was discovered by his Pharmacovigilance supervisors. Jack was immediately dismissed Jack's lawyer sent a letter to the company stating that dismissal was a disproportionate sanction, and that if Jack was not reinstated within 14 days his firm would have no alternative but to commence legal proceedings against the company. This letter was accompanied by a data access request from Jack requesting a copy of "all personal data, including internal emails that were sent/received by Jack or where Jack is directly or indirectly identifiable from the contents. In relation to the emails Jack listed six members of the management team whose inboxes the required access.
How should the company respond to Jack's request to be forgotten?
- A. The company should claim that the right to be forgotten is not applicable to them, as only a fraction of their global workforce resides in the European Union.
- B. The company should ensure that the information is stored outside of the European Union so that the right to be forgotten under the GDPR does not apply.
- C. The company should erase all data relating to Jack without undue delay as the right to be forgotten is an absolute right.
- D. The company should not erase the data at this time as it may be required to defend a legal claim of unfair dismissal.
正解:A
質問 # 140
Which institution has the power to adopt findings that confirm the adequacy of the data protection level in a non-EU country?
- A. The Article 29 Working Party
- B. The European Parliament
- C. The European Commission
- D. The European Council
正解:C
解説:
Explanation/Reference: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/ adequacy-decisions_en
質問 # 141
A grade school is planning to use facial recognition to track student attendance. Which of the following may provide a lawful basis for this processing?
- A. A state law requires facial recognition to verify attendance.
- B. The school places a notice near each camera.
- C. The school gets explicit consent from the students.
- D. Processing is necessary for the legitimate interests pursed by the school.
正解:C
解説:
Reference https://www.jdsupra.com/legalnews/let-s-face-it-facial-recognition-1134180/
質問 # 142
Data retention in the EU was underpinned by a legal framework established by the Data Retention Directive (2006/24/EC). Why is the Directive no longer part of EU law?
- A. The Directive was superseded by the EU Directive on Privacy and Electronic Communications.
- B. The Directive was annulled by the European Court of Human Rights.
- C. The Directive was annulled by the Court of Justice of the European Union.
- D. The Directive was superseded by the General Data Protection Regulation.
正解:C
質問 # 143
......
国際プライバシー専門家協会 (IAPP) 認定情報プライバシープロフェッショナル / ヨーロッパ (CIPP/E) 認定試験は、個人が欧州のデータ保護法や規制に関する知識と理解を示す、世界的に認められた資格認定です。CIPP/E 認定は、欧州連合 (EU) 内で運営する組織や EU 市民の個人データを扱う組織で働くプライバシー専門家を対象としています。
IAPP CIPP-E認定は、情報プライバシーの分野で働くことに興味がある人や、この分野での知識と専門知識を実証したい人にとって貴重な資格です。試験に合格することにより、候補者は、個人データを保護し、GDPRに定められているプライバシーとデータ保護の原則を支持するというコミットメントを実証できます。
Fast2test CIPP-E試験練習テスト問題:https://jp.fast2test.com/CIPP-E-premium-file.html
CIPP-E試験問題解答:https://drive.google.com/open?id=1vvomHOCpuXbWkd2sYhhrnrW4kL4fSKFy