Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
DSCI
DCPP
DCPP-01
DSCI certified Privacy Professional (DCPP) Questions and Answers

Pass the DSCI DCPP DCPP-01 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam DCPP-01 Premium Access

View all detail and faqs for the DCPP-01 exam

Go to Exam

839 Students Passed

88% Average Score

94% Same Questions

Viewing page 2 out of 4 pages

Viewing questions 11-20 out of questions

Questions # 11:

Which of the following are key contributors that would enhance the complexity in implementing security measures for protection personal information?

Options:

Data collection through multiple modes and channels

Evolution of nimble and flexible business processes affecting access management

Regulatory requirements to issue privacy notice and data breach notification in specified format

Increasing focus on right to privacy

Answer

Questions # 12:

Regulations that apply to the processing of personal data of natural persons that fall under the following categories:

Options:

EU Citizens

All of the above

Resident of anywhere in the world

EU Residents

Answer

Explanation

Page no 4 of PBok Addendum: The EU GDPR is applicable to all EU residents. The usage of the term ‘residents’ is to be noted – it means that the resident need not be a citizen of any EU member state. It could be any individual who resides in the EU.

Questions # 13:

Under which of the following conditions can a company in India may transfer sensitive personal information (SPI) to any other company or a person in India, or located in any other country?

Options:

Transfer of information is allowed to those who ensure the same level of data protection that is adhered to by the company as provided for under the Indian laws

The transfer of information is allowed only after taking approval of Chief Information Commissioner of India

The transfer of information is allowed only after taking approval of DeitY (Department of Electronics & Information Technology) in India

The transfer may be allowed only if it is necessary for the performance of the lawful contract or where the data subject has consented to data transfer

Answer

Questions # 14:

A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.

For exporting EU branch employees’ data to Asian Countries for processing, which of the following instruments could be used for legal data transfer?

Options:

Customized contracts mandating ISO 27001 certification by the data processor

Standard Contractual Clauses

Binding Corporate Rules

Safe Harbor

Answer

Questions # 15:

‘Challenging Compliance’ as a privacy principle is covered in which of the following data protection/ privacy act?

Options:

Federal Data Protection Act, Germany

UK Data Protection Act

PIPEDA

Singapore Data Protection Act

Answer

Questions # 16:

Which of the following are not mandatory pre-requisite before transferring sensitive personal data to its Asian branches?

Options:

Notifying the data subject

Conducting risk assessment for the processing involved

Determining adequacy status of the country

Self-certifying to Safe Harbor practices and reporting to Federal Trade Commission

Answer

Questions # 17:

For the outsourced work of its customers’ data processing, in order to initiate data transfer to another organizations outside EU, which is the most appropriate among the following?

Options:

The vendor (data importer) in the third country, and not the exporter is responsible to put in place suitable model contractual clauses, and hence the exporter does not need to take any action.

Since the data is processed by the vendor outside the EU, the EU directive does not apply and hence there are no legal concerns

The data exporter needs to initiate model contractual clauses after obtaining approvals from data protection commissioner and have the vendor be a signatory on the same as data importer

The data importer need to notify about the transfer to data protection commissioner in the destination country and exporter need to similarly notify in the EU country of origin

Answer

Questions # 18:

Which of the following categories of information are generally protected under privacy laws?

Options:

Personally Identifiable Information (PII)

Sensitive Personal Information (SPI)

Trademark, copyright and patent information

Organizations’ confidential business information

Answer

Questions # 19:

After the rules were notified under section 43A of the IT (Amendment) Act, 2008, a clarification was issued by the government which exempted the service providers, which get access to/processes Sensitive Personal Data or information (SPDI) under contractual agreement with a legal entity located within or outside India. Which privacy principle provisions notified under Sec 43A were exempted for the service providers?

Options:

Consent

Access and Correction

Disclosure of information

Answer

Questions # 20:

With reference to APEC privacy framework, when personal information is to be transferred to another person or organization, whether domestically or internationally, “the ______________ should obtain the consent of the individual and exercise due diligence and take reasonable steps to ensure that the recipient person or organization will protect the information consistently with APEC information privacy principles”.