IAPP CIPP-E Exam - Topic 5 Question 25 Discussion

Actual exam question for IAPP's CIPP-E exam

Question #: 25
Topic #: 5

To provide evidence of GDPR compliance, a company performs an internal audit. As a result, it finds a data base, password-protected, listing all the social network followers of the client.

Regarding the domain of the controller-processor relationships, how is this situation considered?

ACompliant with the security principle, because the data base is password-protected.

BNon-compliant, because the storage of the data exceeds the tasks contractually authorized by the controller.

CNot applicable, because the data base is password protected, and therefore is not at risk of identifying any data subject.

DCompliant with the storage limitation principle, so long as the internal auditor permanently deletes the data base.

Show Suggested Answer

Suggested Answer: B

by Laurel at May 05, 2022, 06:56 AM

Limited Time Offer

25%

Off

Get Premium CIPP-E Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Charlie

6 months ago

Not sure if D makes sense, deleting doesn't fix the initial issue.

upvoted 0 times

...

Carylon

6 months ago

Password protection doesn't mean compliance, folks.

upvoted 0 times

...

Patti

6 months ago

Wait, how can they just keep a list of followers like that?

upvoted 0 times

...

Holley

7 months ago

Totally agree, B is the right choice here.

upvoted 0 times

...

Dorthy

7 months ago

It's still a breach if the data isn't needed!

upvoted 0 times

...

Pauline

7 months ago

I feel like option C is misleading; just because it's password-protected doesn’t mean it’s not identifiable. I’m confused about the right answer.

upvoted 0 times

...

Stevie

7 months ago

I practiced a similar question, and I think just being password-protected isn’t enough for GDPR compliance. Could it be option B?

upvoted 0 times

...

Agustin

7 months ago

I’m not sure, but I think the storage limitation principle might apply here. Maybe option D is correct if the data is deleted?

upvoted 0 times

...

Essie

7 months ago

I remember discussing how password protection alone doesn't guarantee compliance, so I’m leaning towards option B.

upvoted 0 times

...

Suzi

7 months ago

Okay, I think the key here is to focus on the "best" reason, not just any reason. I'll need to weigh the pros and cons of each option.

upvoted 0 times

...

Lizette

7 months ago

This looks like a pretty straightforward VLAN planning question. I'll focus on the key principles like number of VLANs, customer types, and business requirements.

upvoted 0 times

...

Luz

7 months ago

Hmm, this seems to be testing our understanding of different business objectives. I'll need to carefully consider the information provided and think through the key factors at play.

upvoted 0 times

...

Dorathy

7 months ago

I feel like they have to use a specialized approach for mental health services, so "carve-out" sounds right to me, but I wish I could remember more details.

upvoted 0 times

...