Free demo

As the saying goes, verbal statements are no guarantee. So we are willing to let you know the advantages of our DCPLA preparation materials. In order to let all people have the opportunity to try our products, the experts from our company designed the trial version of our DCPLA prep guide for all people. If you have any hesitate to buy our products. You can try the trial version from our company before you buy our DCPLA test practice files. The trial version will provide you with the demo. More importantly, the demo from our company is free for all people. You will have a deep understanding of the DCPLA preparation materials from our company by the free demo.

Serve you day and night

In order to make sure your whole experience of buying our DCPLA prep guide more comfortable, our company will provide all people with 24 hours online service. The experts and professors from our company designed the online service system for all customers. If you decide to buy the DCPLA preparation materials from our company, we can make sure that you will have the opportunity to enjoy the best online service provided by our excellent online workers. If you purchasing the DCPLA test practice files designed by many experts and professors from our company, we can promise that our online workers are going to serve you day and night during your learning period. If you have any questions about our DCPLA study materials, you can send an email to us, and then the online workers from our company will help you solve your problem in the shortest time. So do not hesitate to buy our DCPLA prep guide.

A wise decision

It is not easy for you to make a decision of choosing the DCPLA prep guide from our company, because there are a lot of study materials about the exam in the market. However, if you decide to buy the DCPLA test practice files from our company, we are going to tell you that it will be one of the best decisions you have made in recent years. As is known to us, the DCPLA preparation materials from our company are designed by a lot of famous experts and professors in the field. There is no doubt that the DCPLA prep guide has the high quality beyond your imagination. Choosing the DCPLA preparation materials from our company can but prove beneficial to all people. We believe that our products, at all events, worth a trial.

It is known to us that passing the DCPLA exam is very difficult for a lot of people. Choosing the correct study materials is so important that all people have to pay more attention to the study materials. If you have any difficulty in choosing the correct DCPLA preparation materials, here comes a piece of good news for you. The DCPLA prep guide designed by a lot of experts and professors from company are very useful for all people to pass the practice exam and help them get the DSCI certification in the shortest time. If you are preparing for the practice exam, we can make sure that the DCPLA test practice files from our company will be the best choice for you, and you cannot find the better study materials than our company'. There are a lot of advantages of our DCPLA preparation materials, and then, I am going to introduce the special functions of our DCPLA prep guide in detail to you. We are hopeful that you will like our products.

DOWNLOAD DEMO

DSCI Certified Privacy Lead Assessor DCPLA certification Sample Questions:

1. Which of the following is not in line with the modern definition of Consent?

A) Consent should be bundled in nature
B) Consent is taken by clear and affirmative action
C) Consenting individual should have the ability to withdraw consent
D) Purpose of processing should be informed to the individual before consenting

2. In which of the following cases would an organization be more prone to risk acceptance vs. risk mitigation?

A) The organization's risk tolerance is high
B) The organization uses exclusively a quantitative process to measure risk
C) The organization's risk tolerance is low
D) The organization uses exclusively a qualitative process lo measure risk

3. RCI and PCM
The Digital Personal Data protection Act 2023 has been passed recently. The Act shall be supported by subordinate Rules for various sections that will gradually bring more clarity into various aspects of the law.
First set of Rules are yet to be formulated and notified. A public sector bank has identified that it collects and processes personal data in physical documents and electronic form. The bank intends to assess its existing compliance level and proactively undertake an exercise to ensure compliance. Since this is the first time the bank is attempting to comply with a comprehensive privacy law, it has hired a legal expert in Privacy law to assist with initial assessment and compliance activities. As part of the initial visibility exercise the consultant identified that the bank collects and generates a significant amount of personal data in physical and digital form. The data may be upto 200 million customers' data. It is identified that customer onboarding is also done through various business correspondents in the field who collect and process personal data in physical and digital form on behalf of the bank for the purpose of opening bank accounts and this data is shared with the bank through various channels. There are upto 10 business correspondent companies that have been appointed by the bank across the country for such onboarding. These companies further appoint individual contractors on the field to face the customers. The legal consultant also identified that there are a huge number of employees and contractors engaged by the bank whose personal data is being collected and processed by the bank for HR purposes including biometric based attendance. While the intent of initial assessment was the new Act, the legal consultant has also identified that the Bank collects Aadhaar numbers (voluntary submission) from customers and employees and may be subject to Aadhaar Act compliance. It also came as a surprise that the bank wasn't aware of the data breach reporting mandate by one of the regulatory bodies under the Information Technology Act 2000 and that it was a criminal offense. The Bank generally outsources all non-core activities such as call centers which are handled by an Indian BPO company and document warehousing which is handled by another company. The Bank has also moved many of its applications to a known cloud provider as part of its digital strategy and there may be data transfer aspects associated with the same. On review of various contracts with third parties it was identified that the bank has signed standard terms of the cloud provider and has signed contracts with third parties which were in standard format of the third parties. Data protection obligations are not clear or available in these contracts. Bank leadership has been of the opinion that even the third parties should comply with the laws and robust contracts on legal compliance may not be needed. The legal consultant is not just expected to help identify gaps. assist in fixing the gaps but also to help implement controls and processes to continuously comply with evolving Rules under the new Act and also manage data protection with various third parties that may be appointed in the future.
(Note: Candidates are requested to make and state assumptions wherever appropriate to reach a definitive conclusion) Introduction and Background XYZ is a major India based IT and Business Process Management (BPM) service provider listed at BSE and NSE. It has more than 1.5 lakh employees operating in 100 offices across 30 countries. It serves more than
500 clients across industry verticals - BFSI, Retail, Government, Healthcare, Telecom among others in Americas, Europe, Asia-Pacific, Middle East and Africa. The company provides IT services including application development and maintenance, IT Infrastructure management, consulting, among others. It also offers IT products mainly for its BFSI customers.
The company is witnessing phenomenal growth in the BPM services over last few years including Finance and Accounting including credit card processing, Payroll processing, Customer support, Legal Process Outsourcing, among others and has rolled out platform based services. Most of the company's revenue comes from the US from the BFSI sector. In order to diversify its portfolio, the company is looking to expand its operations in Europe. India, too has attracted company's attention given the phenomenal increase in domestic IT spend esp. by the government through various large scale IT projects. The company is also very aggressive in the cloud and mobility space, with a strong focus on delivery of cloud services. When it comes to expanding operations in Europe, company is facing difficulties in realizing the full potential of the market because of privacy related concerns of the clients arising from the stringent regulatory requirements based on EU General Data Protection Regulation (EU GDPR).
To get better access to this market, the company decided to invest in privacy, so that it is able to provide increased assurance to potential clients in the EU and this will also benefit its US operations because privacy concerns are also on rise in the US. It will also help company leverage outsourcing opportunities in the Healthcare sector in the US which would involve protection of sensitive medical records of the US citizens.
The company believes that privacy will also be a key differentiator in the cloud business going forward. In short, privacy was taken up as a strategic initiative in the company in early 2011.
Since XYZ had an internal consulting arm, it assigned the responsibility of designing and implementing an enterprise wide privacy program to the consulting arm. The consulting arm had very good expertise in information security consulting but had limited expertise in the privacy domain. The project was to be driven by CIO's office, in close consultation with the Corporate Information Security and Legal functions.
Click on the exhibit button above to view the case study

What steps should the legal consultant suggest to manage data protection for the existing third parties with whom there are existing contracts? Please also mention the various controls that should be implemented with these third parties to ensure continued compliance and monitoring Please answer with respect to the PCM practice area (upto 250 words)

4. Which of the following could be considered as triggers for updating privacy policy? (Choose all that apply.)

A) Privacy breach
B) Regulatory changes
C) Recruitment of more employees
D) Change in service provider for an established business process

5. FILL BLANK
RCI and PCM
Given its global operations, the company is exposed to multiple regulations (privacy related) across the globe and needs to comply mostly through contracts for client relationships and directly for business functions. The corporate legal team is responsible for managing the contracts and understanding, interpreting and translating the legal requirements. There is no formal tracking of regulations done. The knowledge about regulations mainly comes through interaction with the client team. In most of the contracts, the clients have simply referred to the applicable legislations without going any further in terms of their applicability and impact on the company. Since business expansion is the priority, the contracts have been signed by the company without fully understanding their applicability and impact. Incidentally, when the privacy initiatives were being rolled out, a major data breach occurred at one of the healthcare clients located in the US. The US state data protection legislation required the client to notify the data breach. During investigations, it emerged that the data breach happened because of some vulnerability in the system owned by the client but managed by the company and the breach actually happened 5 months back and came to notice now. The system was used to maintain medical records of the patients. This vulnerability had been earlier identified by a third party vulnerability assessment of the system and the closure of vulnerability was assigned to the company. The company had made the requisite changes and informed the client. The client, however, was of the view that the changes were actually not made by the company and they therefore violated the terms of contract which stated that - "the company shall deploy appropriate organizational and technology measures for protection of personal information in compliance with the XX state data protection legislation." The company could not produce necessary evidences to prove that the configuration changes were actually made by it (including when these were made).
(Note: Candidates are requested to make and state assumptions wherever appropriate to reach a definitive conclusion) Introduction and Background XYZ is a major India based IT and Business Process Management (BPM) service provider listed at BSE and NSE. It has more than 1.5 lakh employees operating in 100 offices across 30 countries. It serves more than
500 clients across industry verticals - BFSI, Retail, Government, Healthcare, Telecom among others in Americas, Europe, Asia-Pacific, Middle East and Africa. The company provides IT services including application development and maintenance, IT Infrastructure management, consulting, among others. It also offers IT products mainly for its BFSI customers.
The company is witnessing phenomenal growth in the BPM services over last few years including Finance and Accounting including credit card processing, Payroll processing, Customer support, Legal Process Outsourcing, among others and has rolled out platform based services. Most of the company's revenue comes from the US from the BFSI sector. In order to diversify its portfolio, the company is looking to expand its operations in Europe. India, too has attracted company's attention given the phenomenal increase in domestic IT spend esp. by the government through various large scale IT projects. The company is also very aggressive in the cloud and mobility space, with a strong focus on delivery of cloud services. When it comes to expanding operations in Europe, company is facing difficulties in realizing the full potential of the market because of privacy related concerns of the clients arising from the stringent regulatory requirements based on EU General Data Protection Regulation (EU GDPR).
To get better access to this market, the company decided to invest in privacy, so that it is able to provide increased assurance to potential clients in the EU and this will also benefit its US operations because privacy concerns are also on rise in the US. It will also help company leverage outsourcing opportunities in the Healthcare sector in the US which would involve protection of sensitive medical records of the US citizens.
The company believes that privacy will also be a key differentiator in the cloud business going forward. In short, privacy was taken up as a strategic initiative in the company in early 2011.
Since XYZ had an internal consulting arm, it assigned the responsibility of designing and implementing an enterprise wide privacy program to the consulting arm. The consulting arm had very good expertise in information security consulting but had limited expertise in the privacy domain. The project was to be driven by CIO's office, in close consultation with the Corporate Information Security and Legal functions.
What should be the learning for the company going forward? What should the consultants suggest? (250 to
500 words)
D. None of the above

Solutions: