IAPP
CIPM
Q1:
Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?
○
A
An obligation on the processor to report any personal data breach to the controller within 72 hours,○
B
An obligation on both parties to report any serious personal data breach to the supervisory authority○
C
An obligation on both parties to agree to a termination of the agreement if the other party is responsible for a personal data breach.○
D
An obligation on the processor to assist the controller in complying with the controller's obligations to notify the supervisory authority about personal data breaches.
IAPP
CIPM
Q2:
Integrating privacy requirements into functional areas across the organization happens at which stage of the privacy operational life cycle?
○
A
Assessing data.○
B
Protecting personal data.○
C
Sustaining program performance.○
D
Responding to requests and incidents.
IAPP
CIPM
Q3:
Which of the following is NOT a main technical data control area?
○
A
Obfuscation.○
B
Tokenization.○
C
Access controls.○
D
Data minimization.
IAPP
CIPM
Q4:
When a data breach incident has occurred. the first priority is to determine?
○
A
Who caused the breach.○
B
How the breach occurred.○
C
How to contain the breach.○
D
When the breach occurred.
IAPP
CIPM
Q5:
Which of the following information must be provided by the data controller when complying with GDPR ''right to be informed'' requirements?
○
A
The purpose of personal data processing.○
B
The data subject's right to withdraw consent○
C
The contact details of the Data Protection Officer (DPO).○
D
The name of any organizations with whom personal data was shared.