Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Home
DSCI
DCPP
DCPP-01
DSCI certified Privacy Professional (DCPP) Questions and Answers

Pass the DSCI DCPP DCPP-01 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam DCPP-01 Premium Access

View all detail and faqs for the DCPP-01 exam

Go to Exam

516 Students Passed

86% Average Score

91% Same Questions

Viewing page 1 out of 4 pages

Viewing questions 1-10 out of questions

Questions # 1:

Under GDPR, the European Commission takes the adequacy decision in relation to privacy laws in a third country, territory, sector etc. A subjective approach is taken. For the assessment of whether a third country, a territory, or one or more specific sectors within that third country, or an international organization has an adequate level of protection, who is required to provide an opinion to the Commission?

Options:

European Data Protection Board

Lead Supervisory Authority

Article 29 Working Party

Convention 108 Council

Answer

Questions # 2:

According to RTI Act, under which conditions can a government department refuse to release information?

Options:

National security adversely affected by such information

This information is detrimental to the stability of the ruling party in government

Detrimental effect on the public image of government agencies

In the absence of a public interest, such information may adversely impact the privacy of its officials

Answer

A, D

Questions # 3:

By collecting, storing, and processing personal information on living individuals electronically, Star Link Company could qualify as:

Options:

Data Subject

Data Processor

Data Controller

Answer

Explanation

Data Controller An organization that determines means and purpose for data processing is called a Data Controller. It may or may not be the organization that directly collects PI from a data subject but, is accountable for PI usage, security, etc. All organizations are Data Controllers by default for their employees’ PI. Data Processor An organization that processes PI based on instructions of Data Controllers. In some instances, it may also be the organization that collect PI directly from the individuals, on behalf of Data Controller. A BPM organization processing personal information on behalf of clients would be a data processor. Similarly, a sales agent for a bank would also come under this category.

Questions # 4:

As part of the environment scanning to identify security risks to personal information, which of the following environments would be least relevant for the organization?

Options:

Organization’s own environment

Service provider’s environment

Client’s environment

Government agencies’ environment which seek lawful access to personal data

Answer

Questions # 5:

What is not a compulsory pre-requisite before a company with headquarters in the EU transfers sensitive personal data to its Asian subsidiaries?

Options:

Self-certifying to Safe Harbor practices and reporting to Federal Trade Commission

Performing a risk assessment for the processing involved

Data subjects are notified

Assessing the country's adequacy

Answer

Questions # 6:

It is essential for an entity to comply with US requirements if it operates a website designed for kids or a website for general audiences that gathers information from individuals known to be under 13 years old. Which of the below regulations is applicable?

Options:

Gramm-Leach-Bliley Act, 1999

Child online protection Act, 1998

Personal Information Protection and Electronic Documents Act (PIPEDA)

Sarbanes-Oxley Act, 2000

Answer

Questions # 7:

Which of the following does not fall under the category of Sensitive Personal Data or Information as defined in the Information Technology (Reasonable Security Practices and Procedures and Sensitive Data or Information) Rules, 2011?