New Year Sale ! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

IAPP Exam CIPP-E Topic 3 Question 88 Discussion

Actual exam question for IAPP's CIPP-E exam
Question #: 88
Topic #: 3
[All CIPP-E Questions]

SCENARIO

Please use the following to answer the next question:

ProStorage is a multinational cloud storage provider headquartered in the Netherlands. Its CEO. Ruth Brown, has developed a two-pronged strategy for growth: 1) expand ProStorage s global customer base and 2) increase ProStorage's sales force by efficiently onboarding effective teams. Enacting this strategy has recently been complicated by Ruth's health condition, which has limited her working hours, as well as her ability to travel to meet potential customers. ProStorage's Human Resources department and Ruth's Chief of Staff now work together to manage her schedule and ensure that she is able to make all her medical appointments The latter has become especially crucial after Ruth's last trip to India, where she suffered a medical emergency and was hospitalized m New Delhi Unable to reach Ruths family, the hospital reached out to ProStorage and was able to connect with her Chief of Staff, who in coordination with Mary, the head of HR. provided information to the doctors based on accommodate on requests Ruth made when she started a: ProStorage

In support of Ruth's strategic goals of hiring more sales representatives, the Human

Resources team is focused on improving its processes to ensure that new

employees are sourced, interviewed, hired, and onboarded efficiently. To help with

this, Mary identified two vendors, HRYourWay, a German based company, and

InstaHR, an Australian based company. She decided to have both vendors go

through ProStorage's vendor risk review process so she can work with Ruth to

make the final decision. As part of the review process, Jackie, who is responsible

for maintaining ProStorage's privacy program (including maintaining controller

BCRs and conducting vendor risk assessments), reviewed both vendors but

completed a transfer impact assessment only for InstaHR. After her review of both

boasted a more established privacy program and provided third-party attestations,

whereas HRYourWay was a small vendor with minimal data protection operations.

Thus, she recommended InstaHR.

ProStorage's marketing team also worked to meet the strategic goals of the

company by focusing on industries where it needed to grow its market share. To

help with this, the team selected as a partner UpFinance, a US based company

with deep connections to financial industry customers. During ProStorage's

diligence process, Jackie from the privacy team noted in the transfer impact

assessment that UpFinance implements several data protection measures

including end-to-end encryption, with encryption keys held by the customer.

Notably, UpFinance has not received any government requests in its 7 years of

business. Still, Jackie recommended that the contract require UpFinance to notify

ProStorage if it receives a government request for personal data UpFinance

processes on its behalf prior to disclosing such data.

What transfer mechanism did ProStorage most likely rely on to transfer Ruth's

medical information to the hospital?

Show Suggested Answer Hide Answer
Suggested Answer: B

According to the GDPR, one of the legal bases for transferring personal data to a third country or an international organization is when the transfer is necessary for the protection of the vital interests of the data subject or of another person, where the data subject is physically or legally incapable of giving consent (Article 49(1)). This exception applies only in very limited and exceptional situations, such as life-threatening medical emergencies. In this scenario, ProStorage most likely relied on this legal basis to transfer Ruth's medical information to the hospital in India, where she suffered a medical emergency and was hospitalized. Ruth was presumably unable to give her consent due to her health condition, and the transfer of her medical information was necessary to protect her vital interests, such as her life or health. Therefore, this transfer mechanism was more appropriate than the other options, which either require consent or are not relevant to the situation.


Contribute your Thoughts:

Chanel
4 months ago
Hah, this question is a real brain-teaser! I bet the answer is hidden somewhere in all that legal jargon. Let's see, B. Protecting the vital interest of Ruth sounds pretty good to me.
upvoted 0 times
Blondell
4 months ago
Yeah, I agree. Protecting Ruth's vital interest makes the most sense.
upvoted 0 times
...
Annabelle
4 months ago
I think you're right, B does sound like the best option.
upvoted 0 times
...
...
Velda
4 months ago
Hmm, I'm not convinced. It seems like the hospital was in a dire situation and had no other way to get the information they needed. I'd go with B. Protecting the vital interest of Ruth.
upvoted 0 times
Mi
3 months ago
Agreed, it was a critical situation where protecting Ruth's vital interest was the priority.
upvoted 0 times
...
Joesph
4 months ago
Yeah, the hospital had to act quickly to protect Ruth's health.
upvoted 0 times
...
Ashton
4 months ago
I think B makes sense. The hospital needed the information to help Ruth.
upvoted 0 times
...
...
Dannie
5 months ago
Well, I'm not sure about that. The scenario mentions that ProStorage had accommodation requests from Ruth, so I think the answer could be C. Performance of a contract with Ruth.
upvoted 0 times
...
Corrina
5 months ago
I think the answer is B. Protecting the vital interest of Ruth. The hospital needed to reach out to ProStorage to get information about Ruth's medical condition, which was crucial for her treatment.
upvoted 0 times
Matt
3 months ago
D) Protecting against legal liability from Ruth.
upvoted 0 times
...
Kristian
3 months ago
C) Performance of a contract with Ruth.
upvoted 0 times
...
Tonja
4 months ago
B) Protecting the vital interest of Ruth.
upvoted 0 times
...
Thaddeus
4 months ago
A) Ruth's implied consent.
upvoted 0 times
...
...
Leonor
5 months ago
That's a good point, Amber. But I still think protecting Ruth's vital interest is the most likely reason for transferring her medical information.
upvoted 0 times
...
Amber
5 months ago
I'm not sure, I think it could also be A) Ruth's implied consent. She might have given permission for her medical information to be shared.
upvoted 0 times
...
Marcelle
5 months ago
I agree with you, Leonor. It makes sense that they would transfer Ruth's medical information to the hospital to protect her vital interest.
upvoted 0 times
...
Leonor
6 months ago
I think the answer is B) Protecting the vital interest of Ruth.
upvoted 0 times
...

Save Cancel