The GDPR specifies fines that may be levied against data controllers for certain infringements. Which of the following infringements would be subject to the less severe administrative fine of up to 10 million euros (or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year)?

• A.Failure to demonstrate that consent was given by the data subject to the processing of their personal data where it is used as the basis for processing.
• B.Failure to process personal information in a manner compatible with its original purpose.
• C.Failure to implement technical and organizational measures to ensure data protection is enshrined by design and default.
• D.Failure to provide the means for a data subject to rectify inaccuracies in personal data.

Comment: *

Name: *

Email: *

Verification: *

SCENARIO
Please use the following to answer the next question:
BHealthy, a company based in Italy, is ready to launch a new line of natural products, with a focus on sunscreen. The last step prior to product launch is for BHealthy to conduct research to decide how extensively to market its new line of sunscreens across Europe. To do so, BHealthy teamed up with Natural Insight, a company specializing in determining pricing for natural products. BHealthy decided to share its existing customer information - name, location, and prior purchase history - with Natural Insight. Natural Insight intends to use this information to train its algorithm to help determine the price point at which BHealthy can sell its new sunscreens.
Prior to sharing its customer list, BHealthy conducted a review of Natural Insight's security practices and concluded that the company has sufficient security measures to protect the contact information. Additionally, BHealthy's data processing contractual terms with Natural Insight require continued implementation of technical and organization measures. Also indicated in the contract are restrictions on use of the data provided by BHealthy for any purpose beyond provision of the services, which include use of the data for continued improvement of Natural Insight's machine learning algorithms.
What is the nature of BHealthy and Natural Insight's relationship?

• A.Natural Insight is the controller because it determines the security measures to implement to protect data it processes; BHealthy is a co-controller because it engaged Natural Insight to determine pricing for the new sunscreens.
• B.Natural Insight is a controller because it is separately determine the purpose of processing when it uses BHealthy's customer information to improve its machine learning algorithms.
• C.Natural Insight is BHealthy's processor because the companies entered into data processing terms.
• D.Natural Insight is BHealthy's processor because BHealthy is sharing its customer information with Natural Insight.

Comment: *

Name: *

Email: *

Verification: *

What is the most frequently used mechanism for legitimizing cross-border data transfer?

• A.Approved Code of Conduct.
• B.Binding Corporate Rules.
• C.Derogations.
• D.Standard Contractual Clauses.

Comment: *

Name: *

Email: *

Verification: *

Which institution has the power to adopt findings that confirm the adequacy of the data protection level in a non-EU country?

• A.The European Parliament
• B.The European Commission
• C.The Article 29 Working Party
• D.The European Council

Comment: *

Name: *

Email: *

Verification: *

Data retention in the EU was underpinned by a legal framework established by the Data Retention Directive (2006/24/EC). Why is the Directive no longer part of EU law?

• A.The Directive was annulled by the European Court of Human Rights.
• B.The Directive was superseded by the EU Directive on Privacy and Electronic Communications.
• C.The Directive was annulled by the Court of Justice of the European Union.
• D.The Directive was superseded by the General Data Protection Regulation.

Comment: *

Name: *

Email: *

Verification: *