Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam CIPP-E All Questions

View all questions & answers for the CIPP-E exam

Exam CIPP-E topic 1 question 171 discussion

Actual exam question from IAPP's CIPP-E
Question #: 171
Topic #: 1
[All CIPP-E Questions]

SCENARIO -
Please use the following to answer the next question:
Joe started the Gummy Bear Company in 2000 from his home in Vermont, USA. Today, it is a multi-billion-dollar candy company operating in every continent. All of the company’s IT servers are located in Vermont. This year Joe hires his son Ben to join the company and head up Project Big, which is a major marketing strategy to triple gross revenue in just 5 years. Ben graduated with a PhD in computer software from a top university. Ben decided to join his father’s company, but is also secretly working on launching a new global online dating website company called Ben Knows Best.
Ben is aware that the Gummy Bear Company has millions of customers and believes that many of them might also be interested in finding their perfect match. For Project Big, Ben redesigns the company’s online web portal and requires customers in the European Union and elsewhere to provide additional personal information in order to remain a customer. Project Ben begins collecting data about customers’ philosophical beliefs, political opinions and marital status.
If a customer identifies as single, Ben then copies all of that customer’s personal data onto a separate database for Ben Knows Best. Ben believes that he is not doing anything wrong, because he explicitly asks each customer to give their consent by requiring them to check a box before accepting their information. As Project Big is an important project, the company also hires a first year college student named Sam, who is studying computer science to help Ben out.
Ben calls out and Sam comes across the Ben Knows Best database. Sam is planning on going to Ireland over Spring Beak with 10 of his friends, so he copies all of the customer information of people that reside in Ireland so that he and his friends can contact people when they are in Ireland.
Joe also hires his best friend’s daughter, Alice, who just graduated from law school in the U.S., to be the company’s new General Counsel. Alice has heard about the GDPR, so she does some research on it. Alice approaches Joe and informs him that she has drafted up Binding Corporate Rules for everyone in the company to follow, as it is important for the company to have in place a legal mechanism to transfer data internally from the company’s operations in the European Union to the U.S.
Joe believes that Alice is doing a great job, and informs her that she will also be in-charge of handling a major lawsuit that has been brought against the company in federal court in the U.S. To prepare for the lawsuit, Alice instructs the company’s IT department to make copies of the computer hard drives from the entire global sales team, including the European Union, and send everything to her so that she can review everyone’s information. Alice believes that Joe will be happy that she did the first level review, as it will save the company a lot of money that would otherwise be paid to its outside law firm.
The data transfer mechanism that Alice drafted violates the GDPR because the company did not first get approval from?

  • A. The Court of Justice of the European Union.
  • B. The European Data Protection Board.
  • C. The Data Protection Authority.
  • D. The European Commission.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
goofball
Highly Voted 1 year ago
The answer is C - https://www.google.com/search?q=who+should+review+a+binding+corporate+rules+uk&rlz=1C5GCEM_enGB998GB998&oq=who+should+review+a+binding+corprate+ru&gs_lcrp=EgZjaHJvbWUqCQgCECEYChigATIGCAAQRRg5MgkIARAhGAoYoAEyCQgCECEYChigAdIBCjI0MDk5ajBqMTWoAgCwAgA&sourceid=chrome&ie=UTF-8
upvoted 5 times
...
Ssourav
Most Recent 3 months, 3 weeks ago
Selected Answer: C
C. The Data Protection Authority. Explanation: According to the GDPR, when a company wants to implement Binding Corporate Rules (BCRs) as a mechanism for data transfers outside of the European Union, it must obtain approval from the relevant Data Protection Authority (DPA). The DPA must review and approve the BCRs to ensure they provide adequate protection for the personal data being transferred. This ensures that the transfer complies with GDPR requirements and that the data subjects' rights are adequately protected.
upvoted 2 times
...
58ad832
6 months, 3 weeks ago
Selected Answer: C
Companies must submit binding corporate rules for approval to the competent data protection authority in the EU. EDPB only issues its opinion to the DPA, but the DPA ultimately approves the BCR.
upvoted 1 times
...
Claire0911
1 year, 1 month ago
The answer should be C.
upvoted 4 times
...
blasto767
1 year, 7 months ago
B chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://www.huntonak.com/images/content/7/3/v2/73646/a-guide-for-binding-corporate-rules.pdf
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...