Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Iapp Discussions
exam questions

Exam CIPP-E All Questions

View all questions & answers for the CIPP-E exam
Go to Exam

Exam CIPP-E topic 1 question 176 discussion

Actual exam question from IAPP's CIPP-E
Question #: 176
Topic #: 1
[All CIPP-E Questions]

A U.S. company’s website sells widgets. Which of the following factors would NOT in itself subject the company to the GDPR?

  • A. The widgets are offered in EU and priced in euro.
  • B. The website is in English and French, and is accessible in France.
  • C. An affiliate office is located in France but the processing is in the U.S.
  • D. The website places cookies to monitor the EU website user behavior.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Egofskam at Aug. 16, 2023, 1:38 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Ssourav
3 months, 3 weeks ago
Selected Answer: B
B. The website is in English and French, and is accessible in France: Merely having a website accessible in the EU and available in languages spoken in the EU (like English and French) does not, by itself, indicate an intention to target customers in the EU. Accessibility alone is not enough to establish that the company is offering goods or services to data subjects in the EU.
upvoted 1 times
...
7f814c6
4 months ago
C- Having an affiliate office in France does not in itself subject the company to the GDPR if the processing of data takes place entirely in the U.S. However, if the company offers goods or services to individuals in the EU (as indicated in options A, B, and D) or monitors their behavior, the GDPR would apply.
upvoted 1 times
7f814c6
3 months, 2 weeks ago
Given the initial lack of clarity in the question, the affiliate office's mere presence does not establish an "inextricable link" (Google Spain SL v. AEPD.) without additional information on its activities. Aso EDPB Guidelines highlight the limitations of an otherwise broad Article 3(1). mere presence of an employee in the European Union is not sufficient to trigger the application of the GDPR; the processing in question must also be carried out in the context of the activities of the EU-based employee. In other words, when an employee is based in the European Union but the processing is not being carried out in the context of the activities of the EU-based employee in the European Union (i.e., the processing relates to the activities of the controller outside the European Union), it will not be within the scope of Article 3(1).
upvoted 1 times
...
...
Egofskam
1 year, 3 months ago
Selected Answer: B
B - GDPR applies to all companies doing business in the EU regardless of their location. Having a user access your website from the EU does not establish your intention to do business in the EU. If you actively court business in the EU, however, you need to follow GDPR.
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel