DSCI DCPP-01 Exam Practice Test Instant Access

Question 1

Which of the following instruments can be used for a legal data transfer when a company in the EU wishes to transfer data to Asian countries?

AFramework for the Privacy Shield

BStandard Contractual Clauses

CData processors must be certified by ISO 27001 under customized contracts

DBinding Corporate Rules

Answer : B, D

Question 2

According to the privacy statement of an organization, which of the following words is true?

AThe Information Technology (Amendment) Act, 2008 does not require the publication of privacy policies on websites in India

BThe content of an organization's online privacy statement will be influenced by the applicable laws, and may need to address requirements across geographic boundaries and legal jurisdictions

CA privacy statement demonstrates to stakeholders how an organization gathers, uses, discloses, and manages personal information

DIn order to follow privacy laws, it is mandatory that there is a phone contact information for the organization's owner in the online privacy statement so that customers can reach out in case of a concern or incident, which can be managed online

Answer : B

Question 3

How soon after becoming aware of the breach the data controller has to notify the supervisory authority under Article 33 of GDPR.

A17 hours

B24 hours

C36 hours

D72 hours

Answer : D

Question 4

Which law does not require notification of personal data breaches?

AJapanese Act on the Protection of Personal Information

BUK Data Protection Act, 2018

CGeneral Data Protection Regulation, 2016

DInformation Technology (Amendment) Act, 2008

Answer : D

Question 5

A team created by the Indian government has been assigned to create India's privacy law based on Justice AP Shah's recommendations. Is any of the following legislation necessary?

ANational privacy principles

BAn official national data controller registry should be created

CPenalties, remedies, and offenses

DA right to privacy that is explicitly enshrined in the constitution

Answer : A

Question 6

Which of the following mechanisms or steps are likely to be taken by an organization for implementing privacy program?

i Deploying physical and technology safeguards to protect personal information assets

ii. Privacy consideration in product and service design

iii. Privacy implementation to focus only on projects impacted by privacy breaches

iv. Benchmarking against industry peers' privacy implementation

v. Installing privacy enhancing tools and technologies for the projects dealing with organization's intellectual property

Please select the correct set of statements from the below options:

AAll

BAll except iii

COnly i, and ii

DOnly i, ii and iv

Answer : B

Question 7

A privacy lead assessor assessing your company for DSCI's privacy certification gets to know that your payroll process has been outsourced to a third party service provider. So, he/she is reviewing your contract with that service provider to ascertain which privacy related clauses are incorporated in the contract. What could be the possible reasons for reviewing the contract?

APossible violation of 'Collection Limitation'

BPossible violation of 'Use Limitation'

CRisk of data subjects directly reaching to service provider

DData security controls in third party provider's environment

Answer : A

DSCI DCPP-01 DSCI Certified Privacy Professional Exam Practice Test