What type of personal information can be collected by a mobile application without consent?

1. A. Full name
2. B. Geolocation
3. C. Phone number
4. D. Accelerometer data

Correct Answer: D

Which key stakeholder within an organization should be responsible for approving the outcomes of a privacy impact assessment (PIA)?

1. A. Data custodian
2. B. Privacy data analyst
3. C. Data processor
4. D. Data owner

Correct Answer: D

Which of the following features should be incorporated into an organization’s technology stack to meet privacy requirements related to the rights of data subjects to control their personal data?

1. A. Providing system engineers the ability to search and retrieve data
2. B. Allowing individuals to have direct access to their data
3. C. Allowing system administrators to manage data access
4. D. Establishing a data privacy customer service bot for individuals

Correct Answer: B
Any organization collecting information about EU residents is required to operate with transparency in collecting and using their personal information. Chapter III of the GDPR defines eight data subject rights that have become foundational for other privacy regulations around the world:
Right to access personal data. Data subjects can access the data collected on them.

Which of the following is the MOST important consideration when using advanced data sanitization methods to ensure privacy data will be unrecoverable?

1. A. Subject matter expertise
2. B. Type of media
3. C. Regulatory compliance requirements
4. D. Location of data

Correct Answer: C

An online business posts its customer data protection notice that includes a statement indicating information is collected on how products are used, the content viewed, and the time and duration of online activities. Which data protection principle is applied?

1. A. Data integrity and confidentiality
2. B. System use requirements
3. C. Data use limitation
4. D. Lawfulness and fairness

Correct Answer: A