Exam Name: | Certified Information Privacy Professional/Europe (CIPP/E) | ||
Exam Code: | CIPP-E Dumps | ||
Vendor: | IAPP | Certification: | Certified Information Privacy Professional |
Questions: | 268 Q&A's | Shared By: | cassie |
SCENARIO
Please use the following to answer the next question:
ProStorage is a multinational cloud storage provider headquartered in the Netherlands. Its CEO. Ruth Brown, has developed a two-pronged strategy for growth: 1) expand ProStorage s global customer base and 2) increase ProStorage's sales force by efficiently onboarding effective teams. Enacting this strategy has recently been complicated by Ruth's health condition, which has limited her working hours, as well as her ability to travel to meet potential customers. ProStorage's Human Resources department and Ruth's Chief of Staff now work together to manage her schedule and ensure that she is able to make all her medical appointments The latter has become especially crucial after Ruth's last trip to India, where she suffered a medical emergency and was hospitalized m New Delhi Unable to reach Ruths family, the hospital reached out to ProStorage and was able to connect with her Chief of Staff, who in coordination with Mary, the head of HR. provided information to the doctors based on accommodate on requests Ruth made when she started a: ProStorage
In support of Ruth's strategic goals of hiring more sales representatives, the Human
Resources team is focused on improving its processes to ensure that new
employees are sourced, interviewed, hired, and onboarded efficiently. To help with
this, Mary identified two vendors, HRYourWay, a German based company, and
InstaHR, an Australian based company. She decided to have both vendors go
through ProStorage's vendor risk review process so she can work with Ruth to
make the final decision. As part of the review process, Jackie, who is responsible
for maintaining ProStorage's privacy program (including maintaining controller
BCRs and conducting vendor risk assessments), reviewed both vendors but
completed a transfer impact assessment only for InstaHR. After her review of both
vendors, she determined that InstaHR satisfied more of the requirements as it
boasted a more established privacy program and provided third-party attestations,
whereas HRYourWay was a small vendor with minimal data protection operations.
Thus, she recommended InstaHR.
ProStorage's marketing team also worked to meet the strategic goals of the
company by focusing on industries where it needed to grow its market share. To
help with this, the team selected as a partner UpFinance, a US based company
with deep connections to financial industry customers. During ProStorage's
diligence process, Jackie from the privacy team noted in the transfer impact
assessment that UpFinance implements several data protection measures
including end-to-end encryption, with encryption keys held by the customer.
Notably, UpFinance has not received any government requests in its 7 years of
business. Still, Jackie recommended that the contract require UpFinance to notify
ProStorage if it receives a government request for personal data UpFinance
processes on its behalf prior to disclosing such data.
What transfer mechanism did ProStorage most likely rely on to transfer Ruth's medical information to the hospital?
After leaving the EU under the terms of Brexit, the United Kingdom will seek an adequacy determination. What is the reason for this?
What is true if an employee makes an access request to his employer for any personal data held about him?
A company in France suffers a robbery over the weekend owing to a faulty alarm system. When it is determined that the break-in involves the loss of a substantial amount of data, the company decides on a CCTV system to monitor for future incidents. Company technicians install cameras in the entrance of the building, hallways and offices. Footage is recorded continuously, and is monitored by the home office in the United States. What is the most realistic step the company could take to address their security concerns and comply with the personal data processing principles set out in Article 5 of the GDPR?