cipm-2-3 – AllNet Law

This multiple choice assessment focuses on the new General Data Protection Regulation (GDPR).

The purpose of the assessment is to enable you to assess the extent and depth of your knowledge of the Data Protection Law in preparation for the CIPM.

Format: Multiple Choice

Time: 90 minutes

The result will be provided immediately, with details on all questions.

Full Name

Email

1. Where should an organization’s procedures for resolving consumer complaints about privacy protection be found?

In the emergency response plan.

In memoranda from the CEO.

In written policies regarding privacy.

Audit observations to ensure that the processor implements and maintains appropriate technical and organizational measures to secure the data.

2) Company X wants to develop a new mobile application that will allow users to find friends by continuously tracking the locations of the devices on which the application is installed. Which one of the following should Company X do before developing the application to minimize its privacy risks?

Determine how to communicate breach notifications.

Test the accuracy of the continuous location mechanism.

Calculate the return on investment.

Conduct a privacy (or data protection) impact assessment

3) Based on GDPR Article 35, which of the following situations would trigger the need to complete a DPIA?

A company wants to combine location data with other data in order to offer more personalized service for the customer.

A company wants to use location data to infer information on a person’s clothes purchasing habits.

A company wants to build a dating app that creates candidate profiles based on location data and data from third-party sources.

A company wants to use location data to track delivery trucks in order to make the routes more efficient.

4. Each of the following are actions an organization should take when developing a data retention policy EXCEPT:

Work with legal advisors to determine applicable legal data retention requirements.

Instruct processors to keep information based on approved legal requirements.

Estimate what business impacts are of retaining versus destroying the data.

Brainstorm with appropriate personnel scenarios that would require data retention.

5) Access to an organization’s information systems should be tied to an employee’s role and, therefore, determined by basic security principles for role-based access controls (RBAC). Which of the following contains the correct role-based access controls principles?

Least privilege, segregation of duties, need-to-know access.

Right-to-access, need-to-know access, segregation of duties.

Functional role access, segregation of duties, least privilege.

Segregation of duties, need-to-know access, access privilege.