Exam CIPP-E topic 1 question 63 discussion

Actual exam question from IAPP's CIPP-E
Question #: 63
Topic #: 1

SCENARIO -
Please use the following to answer the next question:
Zandelay Fashion (‘Zandelay’) is a successful international online clothing retailer that employs approximately 650 people at its headquarters based in Dublin, Ireland. Martin is their recently appointed data protection officer, who oversees the company’s compliance with the General Data Protection Regulation (GDPR) and other privacy legislation.
The company offers both male and female clothing lines across all age demographics, including children. In doing so, the company processes large amounts of information about such customers, including preferences and sensitive financial information such as credit card and bank account numbers.
In an aggressive bid to build revenue growth, Jerry, the CEO, tells Martin that the company is launching a new mobile app and loyalty scheme that puts significant emphasis on profiling the company’s customers by analyzing their purchases. Martin tells the CEO that: (a) the potential risks of such activities mean that Zandelay needs to carry out a data protection impact assessment to assess this new venture and its privacy implications; and (b) where the results of this assessment indicate a high risk in the absence of appropriate protection measures, Zandelay may have to undertake a prior consultation with the Irish Data Protection Commissioner before implementing the app and loyalty scheme.
Jerry tells Martin that he is not happy about the prospect of having to directly engage with a supervisory authority and having to disclose details of Zandelay’s business plan and associated processing activities.
What would MOST effectively assist Zandelay in conducting their data protection impact assessment?

  • A. Information about DPIAs found in Articles 38 through 40 of the GDPR.
  • B. Data breach documentation that data controllers are required to maintain.
  • C. Existing DPIA guides published by local supervisory authorities.
  • D. Records of processing activities that data controllers are required to maintain.
Suggested Answer: C

Comments

ME79
Highly Voted 1 year, 7 months ago
Selected Answer: C
The most effective way to assist Zandelay in conducting their data protection impact assessment would be option C: existing DPIA guides published by local supervisory authorities. DPIA (Data Protection Impact Assessment) guides published by local supervisory authorities can provide useful guidance on how to assess privacy risks associated with new ventures, such as the mobile app and loyalty scheme proposed by Zandelay. These guides can provide a structured approach to assessing risks and help organizations to identify and mitigate privacy risks. Option A (Information about DPIAs found in Articles 38 through 40 of the GDPR) is relevant but not as practical as option C. Option B (Data breach documentation) is not directly related to DPIAs, and Option D (Records of processing activities) is necessary but not the most effective way to assist in conducting a DPIA.
upvoted 7 times
...
oscardex
Highly Voted 1 year, 8 months ago
Article 35 talks about DPIA, not Articles 38-40. I think the answer should be C.
upvoted 5 times
...
Ssourav
Most Recent 4 months ago
Selected Answer: C
C. Existing DPIA guides published by local supervisory authorities: These guides are specifically designed to help organizations conduct DPIAs and provide practical, step-by-step instructions tailored to comply with local and GDPR requirements.
upvoted 1 times
...
Grzesztof
7 months, 2 weeks ago
Selected Answer: C
Articles 38-40 relate to the position of the data protection officer, tasks of the data protection officer and codes of conduct. Taking this into account, answer C seems to be correct.
upvoted 1 times
...
zero46
11 months, 1 week ago
Selected Answer: D
ROPA can help build the DPIA - demonstrates processing activities & data mapping
upvoted 1 times
...
num
1 year, 8 months ago
Selected Answer: D
Because the records provide a comprehensive view of the data processing activities that take place within the organization, including the types of personal data that are processed, the purposes of the processing, the categories of data subjects, and the recipients to whom the data is disclosed.
upvoted 5 times
...