CDPSE - Certified Data Privacy Solutions Engineer Privacy Risk Management Questions and Answers

Question 1

A financial services company is developing a new mobile application that will use customer transaction data to provide personalized investment recommendations using an AI-powered algorithm.
According to GDPR Article 35, which of the following is the MOST critical first step in the privacy risk management process for this new application?

Accepted Answer

Performing a Data Protection Impact Assessment (DPIA).

Answer

Conducting a vendor security assessment of the AI algorithm provider.

Answer

Developing an incident response plan for potential data breaches.

Answer

Obtaining explicit user consent for data processing via a pop-up.

Question 2

A data privacy engineer is tasked with integrating privacy risk management into the organization's existing Information Security Management System (ISMS). Which international standard provides a framework for establishing, implementing, and continually improving a Privacy Information Management System (PIMS) as an extension to ISO/IEC 27001?

Accepted Answer

ISO/IEC 27701

Answer

NIST Privacy Framework

Answer

COBIT 2019

Answer

ITIL 4

Question 3

Which of the following principles of Privacy by Design (PbD) is BEST demonstrated by configuring an application's data sharing settings to 'off' by default, requiring the user to actively enable sharing?

Accepted Answer

Privacy as the Default Setting

Answer

Proactive not Reactive; Preventative not Remedial

Answer

Full Functionality – Positive-Sum, not Zero-Sum

Answer

Visibility and Transparency – Keep it Open

Question 4

A privacy engineer is conducting a privacy risk assessment for a new HR system. The process involves identifying potential threats to personal data, analyzing the likelihood and impact of these threats, and then determining the overall level of risk. This phase of the risk management process is known as:

Accepted Answer

Risk Analysis

Answer

Risk Treatment

Answer

Risk Identification

Answer

Risk Evaluation

Question 5

When managing privacy risks, it is crucial to distinguish them from security risks. Which of the following scenarios describes a privacy risk arising from authorized data processing, rather than a security risk from unauthorized access?

Accepted Answer

Customer data collected for marketing is used to make automated, adverse credit decisions without transparency.

Answer

A hacker exploits a software vulnerability to access customer records.

Answer

An employee's login credentials are stolen and used to exfiltrate a client database.

Answer

An unencrypted laptop containing personal data is lost or stolen.

Question 6

The NIST Privacy Framework is designed to help organizations manage privacy risks. The Framework's 'Core' is a set of activities and outcomes that enables communication of privacy priorities. Which of the following is NOT one of the five high-level Functions of the NIST Privacy Framework Core?

Accepted Answer

Remediate-P

Answer

Identify-P

Answer

Govern-P

Answer

Protect-P