ExamTopics Logo
Mail Us[email protected]
Menu
Iapp Discussions
exam questions

Exam CIPP-US All Questions

View all questions & answers for the CIPP-US exam
Go to Exam

Exam CIPP-US topic 1 question 159 discussion

Actual exam question from IAPP's CIPP-US
Question #: 159
Topic #: 1
[All CIPP-US Questions]

A company based in United States receives information about its UK subsidiary’s employees in connection with the centralized HR service it provides.
How can the UK company ensure an adequate level of data protection that would allow the restricted data transfer to continue?

  • A. By signing up to an approved code of conduct under UK GDPR to demonstrate compliance with its requirements, both for the parent and the subsidiary companies.
  • B. By revising the contract with the United States parent company incorporating EU SCCs, as it continues to be valid for restricted transfers under the UK regime.
  • C. By submitting to the ICO a new application for the UK BCRs using the UK BCR application forms, as their existing authorized EU BCRs are not recognized.
  • D. By allowing each employee the option to opt-out to the restricted transfer, as it is necessary to send their names in order to book the sales bonuses.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by smp175 at July 6, 2023, 4:41 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
fightingpotato
9 months ago
Selected Answer: B
By submitting to the ICO a new application for the UK BCRs using the UK BCR application forms, as their existing authorized EU BCRs are not recognized is not correct because, under UK GDPR, Binding Corporate Rules (BCRs) that were approved under the EU GDPR can still be valid in the UK. However, organizations may need to ensure their existing EU BCRs are updated to reflect UK-specific legal requirements.
upvoted 1 times
...
aprivate1
10 months, 2 weeks ago
Selected Answer: B
I am between B and C, but am voting B based on the wording of the question. Which is not always the best gut check with the CIPP, as we're aware. Both are valid, BCRs are the gold standard and would require submitting to the ICO for approval. In the interim, that transfer should be suspended. In contrast, SCCs are self regulating and offer an adequate level of protection that can be implemented quickly, allowing the transfer to continue.
upvoted 1 times
...
Bhimesh
1 year, 3 months ago
Selected Answer: C
C. By submitting to the ICO a new application for the UK BCRs using the UK BCR application forms, as their existing authorized EU BCRs are not recognized.
upvoted 1 times
...
smp175
2 years ago
Selected Answer: C
SCCs are for transfers between third parties. BCRs are for intragroup transfers. Post Brexit, company's need to separately obtain approval with the UK ICO for their UK BCRs. "Holders of EU Binding Corporate Rules (EU BCRs) are now required to take action to continue relying on them as an appropriate safeguard for international data."
upvoted 3 times
...
smp175
2 years ago
Selected Answer: D
SCCs are for transfers between third parties. BCRs are for intragroup transfers. Post Brexit, company's need to separately obtain approval with the UK ICO for their UK BCRs. "Holders of EU Binding Corporate Rules (EU BCRs) are now required to take action to continue relying on them as an appropriate safeguard for international data."
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel