OneTrust Certified Privacy Professional
SELECT ALL CORRECT CHOICES: Which of the below are valid stages of the assessment lifecycle?
"Not Started", "In Progress", "Under Review", and "Completed"
According to the LGPD, what is the amount of the fine to be applied when a violation occurs?
2% of the organization's revenue up to a total of 50 million Reals
Under the CCPA, how long do businesses have to rectify damages from a breach?
30 days
Per the CCPA's section 1798.130, A business shall, in a form that is reasonably accessible to consumers, disclose and deliver the required information to a consumer free of charge within:
45 days
SELECT ALL CORRECT CHOICES: Data Protection Impact Assessments (DPIAs) must contain the following information:
? Systemic description ? Codes of conduct Not Assessment of the risk Not Assessment of the necessity and proportionality ?Measures envisaged to address the risk, including safeguards, security measures and mechanism
SELECT ALL CORRECT CHOICES: What can be changed on a Data Subject Request Web Form in OneTrust?
??? ?Form Text Logo Subject Types ?Default days to respond ?Colors ?Request type
How can we allow for flexible answers within a OneTrust Assessment?
Allow "Other"
When multiple respondents are assigned an assessment, who can submit the assessment for review?
Any respondent
SELECT ALL CORRECT CHOICES: Which of the following are valid reporting activities in Data Mapping?
Article 30 report Asset Map
SELECT ALL CORRECT CHOICES: Data Mapping attributes can be populated through the following ways:
Assessments Through the UI on the details tab
SELECT ALL THAT APPLY: Which of the following are FALSE about Assessments within the OneTrust tool?
Assessments must be published from OneTrust's gallery of prebuilt assessment templates Assessment approvers can be internal or external
Which of the following is NOT an expected outcome of utilizing OneTrust privacy management tools:
Complete prevention of incidents
The Cookie Database leveraged by OneTrust's Cookie Compliance tool to categorize discovered cookies is called...
Cookiepedia
What functionality allows an assessment to be sent based on the answer of a previous assessment?
Creating Conditional Logic
SELECT ALL CORRECT CHOICES: Which of the following can be inventoried through the Data Mapping module?
Data Subject Requests Processing Activities
Per Article 35(3), under which of the following circumstances is a Data Protection Impact Assessment required to be conducted?
Data processing includes systematic and extensive evaluation of personal aspect based on automated processing Data processing occurs on a large scale including special categories of data Data processing includes systematic monitoring of a publicly accessible area on a large scale All of the above
SELECT ALL CORRECT CHOICES: What can be configured within a DSAR Workflow?
Default Approver Stage Name Subtasks
SELECT ALL CORRECT CHOICES: Which of the following are valid Request Actions in the Data Subject Access Request (DSAR) module in OneTrust?
Delete, Extend, Change Workflow
SELECT ALL CORRECT CHOICES: What OneTrust platform branding can be customized through the Global Settings module?
Email Template Displayed logo Header Color
According to the GDPR, who should be consulted when a Data Protection Impact Assessment (DPIA) reveals that processing of personal data results in a high risk?
European Data Protection Board
TRUE OR FALSE: Choosing a template from the OneTrust prebuilt gallery is required to create a new questionnaire template
False
Per the LGPD, communication to the national authority and the data subject regarding the occurrence of a security incident that may create risk or relevant damage to the data subject shall be done:
In a reasonable time period as defined by the national authority
Which of the following is not provided as one of the definitions of Consent within GDPR's Article 4?
In an interoperable format
Juliana received an assessment, but she was in a meeting and did begin the assessment. As soon as the meeting was over, Juliana responded and submitted the assessment. What are the stages described in the statement, respectively:
In progress and under review
SELECT ALL THAT APPLY: Which of the following were mentioned as key benefits to exercising the best practice of Assigning Incident Risks to Specific Owners:
Keep communication centralized Track accountability Improve your response time
Which of the following are ways Vendors can be assessed using the Vendor Management module?
Launched from within vendor workflows in the vendor inventory Launched from the assessments tab within the vendor management module Triggered by automation rules All of the above
Which of the following determines what a user can do in the OneTrust platform?
Managing Organization, Role
Does a Vendor contact need to be a user in OneTrust tool to respond to a Vendor Assessment?
No, OneTrust tool has invited user functionality that will allow Vendor to answer the assessment if an email id is provided in respondent field
The dialogue box next to the question in the image below is an example of what?
Question Hint
What setting allows auto deletion of attachments after a designated time period following the completion of a request?
Retention Policy
Per the GDPR, which Data Subject Right allows for data subjects to request correction of incorrect personal data?
Right to rectification
When a Risk Approver grants an Exception Requested by a Risk Owner, the Flag Risk stage is moved to:
Risk monitoring
SELECT ALL THAT APPLY: Which of the following can be added via rules when creating an incident workflow
Send a notification Create a task
SELECT ALL CORRECT CHOICES: Which of the following actions can you set up on a Template to be triggered based on how an assessment question is answered?
Send follow-up assessment Risk flagging
Which type of cookie does not require consent according to the ePrivacy Directive?
Strictly Necessary Cookies
According to the Article 25(1) of the GDPR, organizations should be able to demonstrate that they implement what type of appropriate measures? (select all that apply)
Technical, Organizational
Which of the following occurs when a respondent submits a Assessment?
The Assessment Approver is notified and begins risk assessment.
Which of the following is true about using attributes in the OneTrust Data Mapping Module:
They can be added using the inventory manager Attribute question types can be added to assessment templates They are listed in groups within the details page of an inventory item All of the above
TRUE OR FALSE: A Processor is required to notify data subjects of a breach without undue delay.
True
TRUE OR FALSE: All communication between the organization and the data subject can be handled via the message portal in OneTrust?
True
TRUE OR FALSE: All inventories in OneTrust have their own unique Attribute Manager?
True
TRUE OR FALSE: Data Mapping attributes can be populated from the assessments within the Assessment Automaton module.
True
TRUE OR FALSE: Multiple Asset and Processing Activities assessments can be sent simultaneously.
True
TRUE OR FALSE: Per the GDPR, Consent must be as easy to withdraw as it is to give in order to be valid.
True
TRUE OR FALSE: Subtasks can be assigned to people other than the request's default approver.
True
TRUE OR FALSE: Within Data Subject Requests Module, response templates can be added and/or Edited?
True
TRUE OR FALSE: You must manage all risks flagged in an assessment before approving an assessment.
True
TRUE or FALSE: New versions of Asset/Processing Activity templates can be created. True
True
An assessment in the "Under Review" state is....
Waiting for review by an approver before publishing changes to an inventory item
SELECT ALL CORRECT CHOICES: Which of the following are consent collection point types in OneTrust?
Webform Custom API
