CORRECT Answers
Accountability The implementation of appropriate technical and organisational
measures to ensure and be able to demonstrate that the handling of
personal data is performed in accordance with relevant law, an idea
codified in the EU General Data Protection Regulation and other
frameworks, including APEC's Cross Border Privacy Rules. Traditionally
has been a fair information practices principle, that due diligence and
reasonable steps will be undertaken to ensure that personal information
will be protected and handled consistently with relevant law and other fair
use principles.
Accuracy Organizations must take every reasonable step to ensure the data
processed is this and, where necessary, kept up to date. Reasonable
measures should be understood as implementing processes to prevent
inaccuracies during the data collection process as well as during the
ongoing data processing in relation to the specific use for which the data
is processed. The organization must consider the type of data and the
specific purposes to maintain the accuracy of personal data in relation to
the purpose. Also embodies the responsibility to respond to data subject
requests to correct records that contain incomplete information or
misinformation.
Adequate Level of Protection A transfer of personal data from the European Union to a third country or
an international organisation may take place where the European
Commission has decided that the third country, a territory or one or more
specified sectors within that third country, or the international organisation
in question, ensures this by taking into account the following elements:
(a) the rule of law, respect for human rights and fundamental freedoms,
both general and sectoral legislation, data protection rules,
professional rules and security measures, effective and enforceable data
subject rights and effective administrative and judicial redress for
the data subjects whose personal data is being transferred; (b) the
existence and effective functioning of independent supervisory
authorities with responsibility for ensuring and enforcing compliance with
the data protection rules; (c) the international commitments the third
country or international organisation concerned has entered into in
relation to the protection of personal data.
Annual Reports The requirement under the GDPR that the European Data Protection
Board and each supervisory authority periodically report on their
activities. The supervisory authority report should include infringements
and the activities that the authority conducted under their Article 58(2)
powers. The EDPB report should include guidelines,
recommendations, best practices and binding decisions. Additionally,
the report should include the protection of natural persons with regard to
processing in the EU and, where relevant, in third countries and
international organisations. Shall be made public and be transmitted to
the European Parliament, to the Council and to the Commission.
Anonymous Information In contrast to personal data, this is not related to an identified or an
identifiable natural person and cannot be combined with other
information to re-identify individuals. It has been rendered
unidentifiable and, as such, is not protected by the GDPR.
Anti-discrimination Laws Indications of special classes of personal data. If there exists law
protecting against discrimination based on a class or status, it is likely
personal information relating to that class or status is subject to more
stringent data protection regulation, under the GDPR or otherwise.
Appropriate Safeguards The GDPR refers to these in a number of contexts, including the
transfer of personal data to third countries outside the European Union,
the processing of special categories of data, and the processing of
personal data in a law enforcement context. This generally refers to the
application of the general data protection principles, in particular purpose
limitation, data minimisation, limited storage periods, data quality, data
protection by design and by default, legal basis for processing,
processing of special categories of personal data, measures to ensure
data security, and the requirements in respect of onward transfers to
bodies not bound by the binding corporate rules. This may also refer to
the use of encryption or pseudonymization, standard data protection
clauses adopted by the Commission, contractual clauses authorized by a
supervisory authority, or certification schemes or codes of conduct
authorized by the Commission or a supervisory authority. Should ensure
compliance with data protection requirements and the rights of the data
subjects appropriate to processing within the European Union.