IAPP CIPP-E Exam - Topic 3 Question 26 Discussion

Actual exam question for IAPP's CIPP-E exam

Question #: 26
Topic #: 3

What must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?

AAn obligation on the processor to report any personal data breach to the controller within 72 hours.

BAn obligation on both parties to report any serious personal data breach to the supervisory authority.

CAn obligation on both parties to agree to a termination of the agreement if the other party is responsible for a personal data breach.

DAn obligation on the processor to assist the controller in complying with the controller's obligations to notify the supervisory authority about personal data breaches.

Show Suggested Answer

Suggested Answer: B

by Clorinda at May 08, 2022, 11:51 AM

Limited Time Offer

25%

Off

Get Premium CIPP-E Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Tijuana

4 months ago

I think both parties should be liable for breaches, right?

upvoted 0 times

...

Asha

5 months ago

Don't forget about assisting with supervisory authority notifications!

upvoted 0 times

...

Leonor

5 months ago

Wait, is it really 72 hours? Sounds tight!

upvoted 0 times

...

Deeanna

5 months ago

Totally agree, that's a must-have.

upvoted 0 times

...

Garry

5 months ago

Gotta include breach reporting within 72 hours!

upvoted 0 times

...

Wilburn

5 months ago

I remember practicing a similar question, and I think the key point is that the processor must assist the controller with compliance obligations.

upvoted 0 times

...

Scarlet

5 months ago

I’m a bit confused about the termination clause. I don’t recall if that’s a standard requirement in these agreements.

upvoted 0 times

...

Lamonica

5 months ago

I think I remember that the processor has to notify the controller about breaches, but I'm not sure if it's specifically 72 hours.

upvoted 0 times

...

Moon

5 months ago

This question feels familiar; I think we discussed the obligations of processors in class. I want to say they have to help the controller with supervisory authority notifications.

upvoted 0 times

...

I'm a little confused by the options here. A demo issue and international research don't seem directly relevant to the question of public vs. private bond issuance. I'll need to think this through carefully.

upvoted 0 times

...

Ailene

5 months ago

Communication is probably the least likely cause here. With an outsourced project, I'd expect the communication challenges to be a bigger factor than the others.

upvoted 0 times

...

Julio

5 months ago

Ah, this is a good one. I remember learning about the different ways to switch between user accounts and credentials. I'm pretty confident I know the right answer here.

upvoted 0 times

...

IAPP CIPP-E Exam - Topic 3 Question 26 Discussion

Contribute your Thoughts:

Tijuana

Asha

Leonor

Deeanna

Garry

Wilburn

Scarlet

Lamonica

Moon

Mila

Ailene

Julio