This multiple choice assessment focuses on the new General Data Protection Regulation (GDPR).

The purpose of the assessment is to enable you to assess the extent and depth of your knowledge of the Data Protection Law in preparation for the CIPM.

Format: Multiple Choice

Time: 90 minutes

The result will be provided immediately, with details on all questions.

1. Where should an organization’s procedures for resolving consumer complaints about privacy protection be found?

2) Company X wants to develop a new mobile application that will allow users to find friends by continuously tracking the locations of the devices on which the application is installed. Which one of the following should Company X do before developing the application to minimize its privacy risks?

3) Based on GDPR Article 35, which of the following situations would trigger the need to complete a DPIA?

4. Each of the following are actions an organization should take when developing a data retention policy EXCEPT:

5) Access to an organization’s information systems should be tied to an employee’s role and, therefore, determined by basic security principles for role-based access controls (RBAC). Which of the following contains the correct role-based access controls principles?