HomeDSCIDSCI CertificationsDSCI Privacy Professional DCPP-01 Practice Exam Dumps Updated
June 25, 2020

DSCI Privacy Professional DCPP-01 Practice Exam Dumps Updated

You can choose to take and pass DCPP-01 DSCI certified Privacy Professional exam as skilled privacy professionals are in high demand. DCPP is a pioneer credentialing program which empowers you with knowledge and equips you with necessary skills to advance your career in the field of data privacy. According to DCPP-01 exam skills, we have updated the DSCI Privacy Professional DCPP-01 Practice Exam Dumps to ensure that you can pass DSCI DCPP-01 exam smoothly.

Check DCPP-01 Free Dumps Before Getting New DCPP-01 Exam Dumps

1. APEC privacy framework envisages common principles such as Notice, Collection limitation, Use Limitation, Access and Correction, Security/Safeguards, and Accountability.

But it differs from the EU Data Protection Directive in which of the below aspect?

2. A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.

Which of the following are not mandatory pre-requisite before transferring sensitive personal data to its Asian branches?

3. A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.

For exporting EU branch employees’ data to Asian Countries for processing, which of the following instruments could be used for legal data transfer?

4. A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.

For the outsourced work of its customers’ data processing, in order to initiate data transfer to another organizations outside EU, which is the most appropriate among the following?

5. With reference to APEC privacy framework, when personal information is to be transferred to another person or organization, whether domestically or internationally, “the ______________ should obtain the consent of the individual and exercise due diligence and take reasonable steps to ensure that the recipient person or organization will protect the information consistently with APEC information privacy principles”.

6. From the below listed options, identify the new privacy principle that is being advocated in proposed EU General Data Protection Regulation?

7. Which of the following statements are true about the privacy statement of an organization?

8. With respect to ‘Data Minimization’ privacy principle, please select the correct statements from the following:

9. Which of the following privacy principle deals with informed consent of the data subject before sharing the personal information (of the data subject) to third parties for processing?

10. For negligence in implementing and maintaining the reasonable security practices and procedures for protecting Sensitive Personal Data or Information (SPDI) as mentioned in Section 43A and associated rules under IT (Amendment) Act, 2008, a corporate entity may be liable to pay compensation of up to___________

11. ‘Challenging Compliance’ as a privacy principle is covered in which of the following data protection/privacy act?

12. Which of the following is not required by an organization in US, resorting to EU-US Safe Harbor provisions, to transfer personal information from EU member nation to US?

13. Please select the incorrect statement in context of “Online Privacy”:

14. Complete the sentence: The Gramm-Leach-Bliley Act (GLBA) of US regulates the privacy practices adopted by financial institutions, requiring them to provide adequate security of the customer records. It lays various obligations on the financial institutions but allows such financial institutions to share the non-public information of customers (after properly notifying their consumers in a manner mentioned in the Act) with

15. Companies based in EU and willing to transfer data outside the EU/EEA, use model contracts as an instrument.

Which of the following statements are true in reference to above statement?

16. After the rules were notified under section 43A of the IT (Amendment) Act, 2008, a clarification was issued by the government which exempted the service providers, which get access to/processes Sensitive Personal Data or information (SPDI) under contractual agreement with a legal entity located within or outside India.

Which privacy principle provisions notified under Sec 43A were exempted for the service providers?

17. Select the element(s) of APEC cross border privacy rules system from the following list:

i. self-assessment

ii. compliance review

iii. recognition/acceptance by APEC members

iv. dispute resolution and enforcement

Please select correct option:

18. A ministry under government of India plans to collect citizens’ information related to their education, medical condition, economic status, caste and religion.

As per the privacy requirements mentioned under Sec 43A of IT (Amendment) Act, 2008, the citizens’ ‘Consent’ would be mandatory for which of the following elements before their collection?

19. Which of the following legislations/guidelines do not cover the concept of trans-border data flow?

20. XYZ is a successful startup that acquired a respectable size & scale of operations in last 3 years, handling business process services for small & medium scale enterprises, largely in US & Europe. They are at the stage of closing a deal with a new banking client and working out the details of privacy related obligations in contract.

Ensuring effective enforcement of which of the below listed privacy principles is client’s accountability, even after outsourcing its loan approval process to XYZ?

I. Notice

II. Choice and Consent

III. Collection Limitation

IV. Use Limitation

V. Access and Correction

VI. Security

VII. Disclosure to third Party

Please select the correct set of principles from below listed options:

21. Which of the following categories of information are generally protected under privacy laws?

22. Effective 2013, HIPAA Omnibus rule applies to which of the following?

23. A US IT company has created a cloud based application for Canadian consumers only, with servers located in Vancouver, Canada. The application allows its users to publish their short stories, essays or e-books. The purpose of the application, i.e. literary work, is clearly stated in the terms and conditions which are mandatorily acknowledged by each user.

With respect to this application, the company must ensure compliance with:

24. XYZ & Co., an Indian hospital specialized in dealing with cancer treatment has organized a free health checkup camp for women in a specific district, after seeking due permission from competent authorities. During the camp the hospital staffs will be feeding the medical records of these women into the computer connected to hospital network system.

Does the said hospital need to notify its privacy policy to the women attending the camp and seek their consent regarding the collection and processing of such information?

25. Under which of the following conditions can a company in India may transfer sensitive personal information (SPI) to any other company or a person in India, or located in any other country?

26. Which of the following provides the legal basis for an Adjudicating Officer in every Indian state & union territory, with the powers of a civil court, to hear complaints and order compensation to the affected individuals?

27. According to IT (Amendment) Act,2008, who should designate a grievance officer to redress grievance(s) of provider of information?

28. You are part of a team that has been created by Indian government to create India’s privacy law based on recommendations in Justice AP Shah’s Report.

Which of the following provisions should be addressed in the law?

29. Which of the following privacy regulation advocates de-identification of personal information?

30. Indian constitution does not expressly provide for the “right to privacy” to its citizens.

However, there were various judicial pronouncements of the apex court which finally established the “right to privacy” as a fundamental right subsumed under Article 21 of the constitution of India. Article 21 inter alia provides and protects the __________________.

31. Which among the following is the Canadian privacy law?

32. ABC company is a large US based IT Company that provides a range of services to its clients. The company had developed a cloud based application providing end-to-end services for the medical industry.

The application had three modules for:

- Patients

- Hospitals and Doctors

- Insurance and Pharmaceutical companies

Each of the modules was designed to be integrated with others depending on user's choice. For example, a patient could choose to share his/her medical history with his/her doctor (for medical advice) as well as insurance companies (for claims).

The application requires that all registered users of the application read and acknowledge the privacy policy. Additionally, users are required to identify the purpose for which they are providing any personal data in any of the modules. For example, a patient providing his/her medical history and current symptoms can select ‘Medical Advice’ as the purpose for the data being provided.

Few months ago, company launched new services in the applications namely, Business Analytics, Group Consultations, Insurance Policy purchase, and Medical Trials Management. The new services used all existing data collected over the years from users. The Company's clients/users are based only in three geographical locations - United States, European Union and India. Additionally, to facilitate better performance of its application, the company established one datacenter each in US, Germany and India for its operations. Each of the datacenter provides the following: -US Datacenter - Storage of data for US based users only -Germany Datacenter - Storage of data for EU based users only -India Datacenter - Storage of data for India based users and alternate site for US and Germany Datacenters (used as part of global load balancing) -Services of a cloud service provider are leveraged in US as a Disaster Recovery (DR) site for Indian Datacenter

Recently, the company's Application Support Desk has started receiving user complaints related to unsolicited communications.

These complaints have warranted a review of company's privacy policies as well as practices.

The use of all user data for business analytics would be in direct conflict with which of the following privacy principles?

33. If an entity operates a website designed for kids or a website that targets general audience but collects information from individuals known to be under age of 13 years, the entity must comply with requirements in the US.

34. As per GDPR, the adequacy decision is taken the European Commission based on its findings and assessment of privacy laws of the third country, territory, sector, etc. The ____________ is required to provide the Commission with an opinion for the assessment of the adequacy of the level of protection in a third country or international organization, including for the assessment whether a third country, a territory or one or more specified sectors within that third country, or an international organization.

35. As per Article 33 of GDPR, in case of a personal data breach, the data controller has to inform the supervisory authority within ___________ of becoming aware of the breach.

36. Which of the following wasn't prescribed as a privacy principle under the OECD Privacy Guidelines, 1980?

37. As per Article 6 of General Data Protection Regulation, 2016, which of the following is not a lawful ground of processing personal data?

38. “As per Indian laws, any information that is freely available or accessible in public domain cannot be regarded as sensitive personal data or information.”

Please state if this statement is True or False.

39. Which of the following laws does not have a mandatory personal data breach notification requirement?

40. The Information Technology (Reasonable Security Practices And Procedures and Sensitive Data or Information) Rules, 2011 incorporate which of the following privacy concepts and principles:

i. Collection Limitation

ii. Accountability

iii. Right to be forgotten

iv. Purpose Limitation

v. Access and correction


 

Pass the DSCI Certified Privacy Lead Assessor (DCPLA) Exam with Confidence: The Valid DCPLA Dumps For Preparation
DSCI certified Privacy Professional DCPP-01 Exam Questions
Tags:, , , , , , ,

Related Posts

About The Author

dumps

From our dumpsbase platform you could search what exams you need then test or practice online by yourself. Download the PDF file if you need directly. Any other questions you can mail [email protected]

Add a Comment

Your email address will not be published. Required fields are marked *