What are the obligations of a processor that engages a sub-processor?

• A.The processor must give the controller prior written notice and perform a preliminary audit of the sub- processor.
• B.The processor must obtain the controller's specific written authorization and provide annual reports on the sub-processor's performance.
• C.The processor must receive a written agreement that the sub-processor will be fully liable to the controller for the performance of its obligations in relation to the personal data concerned.
• D.The processor must obtain the consent of the controller and ensure the sub-processor complies with data processing obligations that are equivalent to those that apply to the processor.

Comment: *

Name: *

Email: *

Verification: *

According to Article 14 of the GDPR, how long does a controller have to provide a data subject with necessary privacy information, if that subject's personal data has been obtained from other sources?

• A.Within a reasonable period after obtaining the personal data, but no later than one month.
• B.Within a reasonable period after obtaining the personal data, but no later than eight weeks.
• C.As soon as possible after the first communication with the data subject.
• D.As soon as possible after obtaining the personal data.

Comment: *

Name: *

Email: *

Verification: *

Which area of privacy is a lead supervisory authority's (LSA) MAIN concern?

• A.Data subject rights
• B.Data access disputes
• C.Cross-border processing
• D.Special categories of data

Comment: *

Name: *

Email: *

Verification: *

SCENARIO
Please use the following to answer the next question:
ABC Hotel Chain and XYZ Travel Agency are U.S.-based multinational companies. They use an internet-based common platform for collecting and sharing their customer data with each other, in order to integrate their marketing efforts. Additionally, they agree on the data to be stored, how reservations will be booked and confirmed, and who has access to the stored data.
Mike, an EU resident, has booked travel itineraries in the past through XYZ Travel Agency to stay at ABC Hotel Chain's locations. XYZ Travel Agency offers a rewards program that allows customers to sign up to accumulate points that can later be redeemed for free travel. Mike has signed the agreement to be a rewards program member.
Now Mike wants to know what personal information the company holds about him. He sends an email requesting access to his data, in order to exercise what he believes are his data subject rights.
What are ABC Hotel Chain and XYZ Travel Agency's roles in this relationship?

• A.ABC Hotel Chain is the controller and XYZ Travel Agency is the processor.
• B.XYZ Travel Agency is the controller and ABC Hotel Chain is the processor.
• C.ABC Hotel Chain and XYZ Travel Agency are independent controllers.
• D.ABC Hotel Chain and XYZ Travel Agency are joint controllers.

Comment: *

Name: *

Email: *

Verification: *

The European Parliament jointly exercises legislative and budgetary functions with which of the following?

• A.The European Commission.
• B.The Article 29 Working Party.
• C.The Council of the European Union.
• D.The European Data Protection Board.

Comment: *

Name: *

Email: *

Verification: *