A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.
Which of the following are not mandatory pre-requisite before transferring sensitive personal data to its Asian branches?

• A.Determining adequacy status of the country
• B.Conducting risk assessment for the processing involved
• C.Notifying the data subject
• D.Self-certifying to Safe Harbor practices and reporting to Federal Trade Commission

Comment: *

Name: *

Email: *

Verification: *

Which of the following is not required by an organization in US, resorting to EU-US Safe Harbor provisions, to transfer personal information from EU member nation to US?

• A.Notify FTC of the self-certification
• B.Disclose their privacy policy publicly
• C.Adherence to the seven safe harbor principles
• D.Sign standard contractual clauses with data exporters in EU

Comment: *

Name: *

Email: *

Verification: *

Which of the following wasn't prescribed as a privacy principle under the OECD Privacy Guidelines, 1980?

• A.Openness
• B.Data minimization
• C.Security Safeguard
• D.Purpose Specification

Comment: *

Name: *

Email: *

Verification: *

If XYZ & Co. collects, stores and processes personal information of living persons, electronically in a structured filing system, then XYZ could be a:

• A.Either A or B
• B.Data Controller
• C.Data Subject
• D.Data Processor

Comment: *

Name: *

Email: *

Verification: *

A multinational company with operations in several parts within EU and outside EU, involves international
data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in
size, the organization has a works council. Most of the data transferred is personal, and some of the data that
the organization collects is sensitive in nature, the processing of some of which is also outsourced to its
branches in Asian countries.
For the outsourced work of its customers' data processing, in order to initiate data transfer to another
organizations outside EU, which is the most appropriate among the following?

• A.Since the data is processed by the vendor outside the EU, the EU directive does not apply and hence
  there are no legal concerns
• B.The vendor (data importer) in the third country, and not the exporter is responsible to put in place
  suitable model contractual clauses, and hence the exporter does not need to take any action.
• C.The data exporter needs to initiate model contractual clauses after obtaining approvals from data
  protection commissioner and have the vendor be a signatory on the same as data importer
• D.The data importer need to notify about the transfer to data protection commissioner in the destination
  country and exporter need to similarly notify in the EU country of origin

Comment: *

Name: *

Email: *

Verification: *