In which of the following cases, cited as an example by a WP29 guidance, would conducting a single data protection impact assessment to address multiple processing operations be allowed?
Correct Answer: D
Question 188
According to Article 14 of the GDPR, how long does a controller have to provide a data subject with necessary privacy information, if that subject's personal data has been obtained from other sources?
Correct Answer: C
According to Article 14 of the GDPR, if the controller obtains personal data from other sources, such as third parties or publicly accessible sources, the controller must provide the data subject with the necessary privacy information, such as the identity and contact details of the controller, the purposes and legal basis of the processing, the categories of personal data concerned, the recipients or categories of recipients of the personal data, and the rights of the data subject. The controller must provide this information within a reasonable period after obtaining the personal data, but no later than one month, having regard to the specific circumstances in which the personal data are processed. However, there are some exceptions to this rule, such as if the data subject already has the information, if the provision of the information proves impossible or would involve a disproportionate effort, if the obtaining or disclosure of the data is expressly laid down by EU or member state law, or if the personal data must remain confidential subject to an obligation of professional secrecy.
Reference: GDPR, Article 14; Free CIPP/E Study Guide, page 19, section 2.5.1; CIPP/E Certification, page 14, section 1.2.1; Art. 14 GDPR - Information to be provided where personal data have not been obtained from the data subject; Article 14 GDPR - GDPRhub
Question 189
In addition to the European Commission, who can adopt standard contractual clauses, assuming that all required conditions are met?
Correct Answer: C
According to Article 46(2) of the GDPR, standard contractual clauses adopted by a supervisory authority and approved by the Commission pursuant to the examination procedure referred to in Article 93(2) can be used as a legal basis for data transfers to third countries. This means that, in addition to the European Commission, national data protection authorities can adopt standard contractual clauses, provided that they meet the conditions and requirements set out in the GDPR and obtain the approval of the Commission. The other options are not correct, as approved data controllers, the Council of the European Union and the European Data Protection Supervisor do not have the power to adopt standard contractual clauses under the GDPR.
Reference: CIPP/E Certification - International Association of Privacy Professionals; Free CIPP/E Study Guide - International Association of Privacy Professionals; GDPR - EUR-Lex; Standard Contractual Clauses (SCC) - European Commission
Question 190
Which of the following was the first legally binding international instrument in the area of data protection?
Correct Answer: B
Question 191
Which of the following is NOT an explicit right granted to data subjects under the GDPR?