Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam CIPP-E All Questions

View all questions & answers for the CIPP-E exam

Exam CIPP-E topic 1 question 215 discussion

Actual exam question from IAPP's CIPP-E
Question #: 215
Topic #: 1
[All CIPP-E Questions]

SCENARIO -

Please use the following to answer the next question:

CreditPlaya, SA is an established Spanish online insurance company whose exclusive activity is providing health insurance for legal residents of Spain, regardless of their nationality.

CreditPlaya autonomously manages its own website, through which a potential customer, engaging in a free pre-contractual activity, enters his or her full name, e-mail address, tax identification number (to verify residence in Spain), age, profession, and the full names of any other adult members of his or her family.

With this data, CreditPlaya immediately sends an email granting or denying eligibility for a health insurance policy. In the case of eligibility, the email also contains the eventual cost of the policy and two PDF documents – one with the contractual Terms and Conditions, and the other with the privacy notice as required by Article 13 of the GDPR.

The CreditPlaya Information Tracking System (ITS) is very efficient, with a low rate of unpaid insurance policies. The ITS is automatically fed by the information provided by every applicant, whose data is then used to refine insurance policy rates.

To ensure their back-up procedures, in January 2021 CreditPlaya started sending weekly copies of the whole database with all the applicants' personal data to an independent company in Uruguay. The information was sent through state-of-the-art encrypting tools, but once in Uruguay was stored without any encryption method.

In March 2022, the entire data base stored on the Uruguay's company servers was encrypted by malicious ransomware. There was no evidence that the data was accessed by unauthorized persons, much less altered or exfiltrated. Despite the incident, CreditPlaya found that they could rely on the locally based Spanish back-up information and carry on its activity without interrupting its operations. The incident caused the termination of the professional relationship between the two companies.


The refinement of the CreditPlaya Information Tracking System (ITS) is a processing activity that should be?

  • A. Explained in the privacy notice, with a list of the special categories of applicants' data.
  • B. Specified in the Terms and Conditions document sent to applicants.
  • C. Capable of allowing applicants to exercise their Right to Object.
  • D. Subject to the explicit consent of the applicants.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Ssourav
3 months, 3 weeks ago
Selected Answer: C
C. Capable of allowing applicants to exercise their Right to Object. Reference: GDPR Article 21: The right to object to processing, including profiling. GDPR Article 22: The right not to be subject to a decision based solely on automated processing, including profiling.
upvoted 2 times
...
bb9dcb9
8 months, 1 week ago
Selected Answer: C
Answer is C "The CreditPlaya Information Tracking System (ITS) is very efficient, with a low rate of unpaid insurance policies. The ITS is automatically fed by the information provided by every applicant, whose data is then used to refine insurance policy rates" This is profiling the data subject has the right to object.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...