Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam CIPP-E All Questions

View all questions & answers for the CIPP-E exam

Exam CIPP-E topic 1 question 281 discussion

Actual exam question from IAPP's CIPP-E
Question #: 281
Topic #: 1
[All CIPP-E Questions]

SCENARIO -
Please use the following to answer the next question:

Gentle Hedgehog Inc. is a privately owned website design agency incorporated in Italy. The company has numerous remote workers in different EU countries. Recently, the management of Gentle Hedgehog noticed a decrease in productivity of their sales team, especially among remote workers. As a result, the company plans to implement a robust but privacy-friendly remote surveillance system to prevent absenteeism, reward top performers, and ensure the best quality of customer service when sales people are interacting with customers.

Gentle Hedgehog eventually hires Sauron Eye Inc., a Chinese vendor of employee surveillance software whose European headquarters is in Germany. Sauron Eye s software provides powerful remote-monitoring capabilities, including 24/7 access to computer cameras and microphones, screen captures, emails, website history, and keystrokes. Any device can be remotely monitored from a central server that is securely installed at Gentle Hedgehog headquarters. The monitoring is invisible by default; however, a so-called Transparent Mode, which regularly and conspicuously notifies all users about the monitoring and its precise scope, also exists. Additionally, the monitored employees are required to use a built-in verification technology involving facial recognition each time they log in.

All monitoring data, including the facial recognition data, is securely stored in Microsoft Azure cloud servers operated by Sauron Eye, which are physically located in France.

After fixing the privacy problems, how long may Gentle Hedgehog store the monitoring data, assuming that no valid data erasure request is received?

  • A. As long as required by the company’s legitimate interests.
  • B. As long as a concerned employee does not request erasure of the data.
  • C. As long as provided by the EDPB guidelines for remote employee monitoring.
  • D. As long as stated in the privacy policy that all employees must follow when processing personal data.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Ssourav
3 months, 2 weeks ago
Selected Answer: A
Legitimate Interests: Data retention should be justified based on the company’s legitimate interests, balancing the need for retention against the rights and freedoms of the employees. This means data should only be retained as long as it is necessary for the purposes for which it was collected and processed, such as performance evaluation or ensuring customer service quality.
upvoted 1 times
...
58ad832
6 months, 3 weeks ago
Selected Answer: A
As long as required by the company's legitimate interest to balance off with the data subject's rights
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...