U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

IAPP CIPP-E Exam - Topic 2 Question 68 Discussion

Article 9 of the GDPR lists exceptions to the general prohibition against processing biometric data. Which of the following is NOT one of these exceptions?
B) The processing is necessary to protect the vital interests of the data subject when he or she is incapable of giving consent.
A) The processing is done by a non-profit organization and the results are disclosed outside the organization.
C) The processing is necessary for the establishment, exercise or defense of legal claims when courts are acting in a judicial capacity.
D) The processing is explicitly consented to by the data subject and he or she is allowed by Union or Member State law to lift the prohibition.

IAPP CIPP-E Exam - Topic 2 Question 68 Discussion

Actual exam question for IAPP's CIPP-E exam
Question #: 68
Topic #: 2
[All CIPP-E Questions]

Article 9 of the GDPR lists exceptions to the general prohibition against processing biometric dat

a. Which of the following is NOT one of these exceptions?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Sabra at Mar 29, 2023, 01:26 PM

Limited Time Offer

25%

Off

Get Premium CIPP-E Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Dyan
7 months ago
I thought consent was always required, so D is surprising!
upvoted 0 times
...
Ollie
8 months ago
B and C are legit exceptions, though.
upvoted 0 times
...
Leslie
8 months ago
Wait, so a non-profit can just disclose biometric data? That sounds sketchy.
upvoted 0 times
...
Marla
8 months ago
I agree, A seems off.
upvoted 0 times
...
Herman
8 months ago
A is definitely NOT an exception.
upvoted 0 times
...
Della
8 months ago
I remember that consent is a big deal in GDPR, so D seems like a valid exception. I think A is the one that doesn't belong here.
upvoted 0 times
...
Audry
8 months ago
I feel like the non-profit organization aspect in A is tricky. It seems like it could be an exception, but I can't recall if it actually is.
upvoted 0 times
...
Heidy
8 months ago
I practiced a similar question about GDPR exceptions last week. I think B is definitely one of the exceptions, but I’m not confident about A either.
upvoted 0 times
...
Leonor
8 months ago
I remember discussing the exceptions in class, but I'm not entirely sure which one doesn't fit. I think A sounds off, but I could be wrong.
upvoted 0 times
...
Raylene
9 months ago
Hmm, this seems straightforward. I'll need to carefully review the options and make sure I select the 3 most relevant actions.
upvoted 0 times
...
Raymon
9 months ago
I'm pretty confident this is the Union of the Cube and Sphere, option B. The shape looks like it encompasses both the Cube and Sphere together.
upvoted 0 times
...
Tula
9 months ago
I think stopping and starting the instance makes more sense, but I'm not entirely sure if that's necessary in all cases.
upvoted 0 times
...
Lavonna
9 months ago
I'm unsure but I feel like the webvpn section could work too. Weren't we told something about webvpn and user access?
upvoted 0 times
...
Cornell
1 year ago
Ah, the GDPR - the gift that keeps on giving when it comes to tricky exam questions. *shakes head*
upvoted 0 times
...
Felicidad
1 year ago
Wait, the GDPR has exceptions for biometric data processing? I thought it was supposed to be ironclad! *chuckles*
upvoted 0 times
Bernadine
11 months ago
D) The processing is explicitly consented to by the data subject and he or she is allowed by Union or Member State law to lift the prohibition.
upvoted 0 times
...
Alyce
11 months ago
C) The processing is necessary for the establishment, exercise or defense of legal claims when courts are acting in a judicial capacity.
upvoted 0 times
...
Kirk
11 months ago
B) The processing is necessary to protect the vital interests of the data subject when he or she is incapable of giving consent.
upvoted 0 times
...
Herminia
12 months ago
A) The processing is done by a non-profit organization and the results are disclosed outside the organization.
upvoted 0 times
...
...
Loren
1 year ago
D has to be the correct answer. If the data subject explicitly consents and the law allows it, then the processing is permitted.
upvoted 0 times
Edda
12 months ago
C) The processing is necessary for the establishment, exercise or defense of legal claims when courts are acting in a judicial capacity.
upvoted 0 times
...
Bulah
1 year ago
B) The processing is necessary to protect the vital interests of the data subject when he or she is incapable of giving consent.
upvoted 0 times
...
Buddy
1 year ago
A) The processing is done by a non-profit organization and the results are disclosed outside the organization.
upvoted 0 times
...
...
Wilda
1 year ago
I'm going with C. Processing for legal claims seems like a reasonable exception to the biometric data prohibition.
upvoted 0 times
Chana
1 year ago
User1: True, but I still think C is the most reasonable exception.
upvoted 0 times
...
Cory
1 year ago
User2: I think D is also a valid exception, if the data subject consents.
upvoted 0 times
...
Glory
1 year ago
User1: I agree, processing for legal claims makes sense.
upvoted 0 times
...
Laquanda
1 year ago
I'm not sure about option A, processing by a non-profit organization seems a bit questionable.
upvoted 0 times
...
Stefania
1 year ago
I think option D is also a valid exception, if the data subject consents.
upvoted 0 times
...
Latonia
1 year ago
I agree, processing for legal claims makes sense as an exception.
upvoted 0 times
...
...
Mila
1 year ago
B is the obvious choice here. The GDPR allows processing biometric data to protect the vital interests of an incapable data subject.
upvoted 0 times
...
Krissy
1 year ago
I see your point, but I still think it's A because non-profit organizations are exempt from the prohibition.
upvoted 0 times
...
Leonard
1 year ago
No, I believe the correct answer is D.
upvoted 0 times
...
Carolynn
1 year ago
Option A doesn't seem right. The GDPR has strict requirements for non-profit organizations processing biometric data, even if it's disclosed outside the organization.
upvoted 0 times
Brent
1 year ago
B) The processing is necessary to protect the vital interests of the data subject when he or she is incapable of giving consent.
upvoted 0 times
...
Eve
1 year ago
A) The processing is done by a non-profit organization and the results are disclosed outside the organization.
upvoted 0 times
...
...
Krissy
1 year ago
I think the answer is A.
upvoted 0 times
...

Save Cancel