IAPP Exam CIPP-E Topic 8 Question 85 Discussion

Actual exam question for IAPP's CIPP-E exam

Question #: 85
Topic #: 8

A company plans to transfer employee health information between two of its entities in France. To maintain the security of the processing, what would be the most important security measure to apply to the health data transmission?

AInform the data subject of the security measures in place.

BEnsure that the receiving entity has signed a data processing agreement.

CEncrypt the transferred data in transit and at rest.

DConduct a data protection impact assessment.

Show Suggested Answer

Suggested Answer: A

According to the EDPB Guidelines 05/2020 on consent under Regulation 2016/6791, valid consent for the use of cookies must meet the following conditions:

* It must be freely given, which means that the data subject must have a genuine choice and the ability to refuse or withdraw consent without detriment.

* It must be specific, which means that the data subject must give consent for each distinct purpose of the processing and for each type of cookie.

* It must be informed, which means that the data subject must receive clear and comprehensive information about the identity of the controller, the purposes of the processing, the types of cookies used, the duration of the cookies, and the possibility of withdrawing consent.

* It must be unambiguous, which means that the data subject must express their consent by a clear affirmative action, such as clicking on an ''I agree'' button or selecting specific settings in a cookie banner.

* It must be granular, which means that the data subject must be able to consent to different types of cookies separately, such as essential, functional, performance, or marketing cookies.

Therefore, a ''Cookies Settings'' button is not a necessary element to collect valid consent for the use of cookies, as long as the data subject can exercise their choice and preference through other means, such as a cookie banner with different options. However, a ''Cookies Settings'' button may be a good practice to enhance transparency and user control, as it allows the data subject to access and modify their consent settings at any time.

On the other hand, a ''Reject All'' cookies button is a necessary element to collect valid consent for the use of cookies, as it ensures that the data subject can freely refuse consent without detriment. A list of cookies that may be placed and information on the purpose of the cookies are also necessary elements to collect valid consent for the use of cookies, as they ensure that the data subject is informed and can give specific consent for each type of cookie.

by Eura at May 29, 2024, 12:39 AM

Limited Time Offer

25%

Off

Get Premium CIPP-E Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Carlota

11 days ago

Conduct a data protection impact assessment? What is this, a security quiz for rocket scientists? Encrypt the data, and call it a day!

upvoted 0 times

...

1 months ago

I think the most important security measure would be to encrypt the transferred data in transit and at rest.

upvoted 0 times

...