1. When do you need a DPO?

2. When do controllers and processors have to keep records (Article 30)?

3. When do you not need a DPIA even if you are doing a processing that involves high risk?
4. Which institution is eligible to approve Binding Corporate Rules?
5. What are the Privacy Shield self-certification requirements?
6. Why can’t a US financial institution be eligible for Privacy Shield?
7. What is the current list of adequate countries and the period to review the adequacy?
8. What are the legal bases to transfer data outside of EEA?
9. When does the household exemption for GDPR not apply?
10. What is the exception to the opt-in rule for B2C marketing?
11. What information do you need to include in a CCTV notice?
12. What are the permitted uses of metadata according to ePrivacy?
13. What are the 4 considerations for monitoring?
14. Who monitors personal data processing of EU bodies?
15. What are the powers of a Supervisory Authority, with examples of each power?
16. What information should be provided to data subjects for cross-border transfers?
17. What are the cross-border transfer derogations?
18. What are the responsibilities of the SA?
19. When can a controller lift a restriction of processing?
20. Can processors determine where and by whom the data is processed?
21. What should be the model (controller, processor or joint controllers) when several companies share a list to blacklist or whitelist clients?
22. Scenario: You are sharing salary information of your employees with HMRC and HMRC uses this data for tax calculations. What is the role of each party and what information should you give to your employees?
23. How did the DPA interpret the brand page and Facebook relationship in Germany?
24. What are the special categories of personal data?
25. Can you use personal data that is anonymised?
26. What are the GDPR principles for processing personal data?
27. What are the exclusions to GDPR material scope?
28. In which cases can you process sensitive data?
29. Which legal bases can you not rely on for processing sensitive data?
30. What adequate safeguards are needed for legitimate interest?
31. If the controller has only economic interests, can the controller still rely on legitimate interest?
32. What is the age limit to be considered an adult according to GDPR?
33. What are the 6 legal bases to process personal data?
34. Who are the members of the European Data Protection Board?
35. What happened to WP29 after GDPR?
36. Which body of the EU is responsible for proposing new legislation?
37. Which bodies of the EU are responsible for legislation and budget?
38. Which EU body is responsible for the high-level agenda and priorities of the EU?
39. What is the judicial body of the Council of Europe?
40. What is the judicial body of the EU?
41. What is the number of members of the EU, the EEA and the CE?
42. What is the material scope of the ePrivacy Directive?
43. What is the first EU Data Protection Law?
44. What is the material scope of Convention 108?
45. What is the first binding data protection law?
46. Which act is the first for data protection principles?
47. Is the European Convention on Human Rights legally binding?
48. What is the territorial scope of the European Convention on Human Rights?
49. What is the territorial scope of the Universal Declaration of Human Rights?
50. What are the exemptions to data breach notification to data subjects?
51. What is the exemption from data breach notification to the Supervisory Authority?
52. What are the risk assessment factors?
53. What does a risk-based security approach take into account?
54. What are the 4 attributes of security controls?
55. What is the time limit for notifying a data breach to the supervisory authority?
56. What is the content of a data breach notification to the supervisory authority?
57. What are the contractual terms for engaging processors?
58. How can you demonstrate compliance for security?
59. Which legal bases can you not rely on for automated decision making?
60. How can controllers achieve transparency?
61. When does the user have the right to object?
62. What are the ways of restriction of processing?
63. What are the exemptions from the right of erasure?
64. What are the required conditions for the right of erasure?
65. What are the conditions for the data portability right?
66. What are the limitations for access & rectification?
67. How can you ensure easy & compliant information provision?
68. What are the exemptions from information provision?
69. What extra information do you need to provide for indirect collection and when?
70. What information do you need to provide for the access right?
71. What do you need to include in a DPIA?
72. What information do you need to provide for direct collection?
73. When can you charge the data subject for the access right?
74. When is automated processing including profiling prohibited?
75. What are the exemptions from the automated decision making prohibition?
76. How can you use automated decision making for special categories of data?
77. Who is accountable for data protection by design & default?
78. Do processors need to do a DPIA?