If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an agent, the organization must ensure the third party does all of the following EXCEPT?
A. Uses the transferred data for limited purposes
B. Provides the same level of privacy protection as the organization
C. Notifies the organization if it can no longer meet its requirements for proper data handling
D. Enters a contract with the organization that states the third party will process data according to the consent agreement
To transfer personal data to a third party acting as an agent, organizations must:
Accountability for Onward Transfer...
(i) Transfer such data only for limited and specified purposes;
(ii) Ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles;
(iii) Take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles;
(iv) Require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles;
(v) Upon notice, including under
(vi) Take reasonable and appropriate steps to stop and remediate unauthorized processing; and
(vii) Provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department upon request.
Accountability for onward transfer / vendor agreements
Privacy Shield expands regulation of and accountability for third party personal data transfers. A Privacy Shield certified organization must specify in third party contracts that transferred personal data “may only be processed for limited and specified purposes consistent with” the data subject’s consent. Third parties must agree to “provide the same level of protection as the Principles.”
Where the third party is acting as an agent, such as a vendor, the organization must in addition “take reasonable and appropriate steps” to ensure the agent upholds the Principles.
A Privacy Shield certified organization must even provide the DOC with relevant third party contractual provisions, which place some restrictions on contractual confidentiality.
Bhimesh
7 months, 3 weeks ago