Direct Marketing, Internet Technology Communications & Outsourcing

Question 1

What is the definition of direct marketing?

Answer 1

Any form of sales promotion

Question 2

True or False: Direct marketing includes direct marketing by charities and political organisations?

Answer 2

True

Question 3

Define this concept: Direct Marketing

Answer 3

Any form of sales communication directed to particular individuals

Question 4

What is excluded from Direct Marketing with respect to the GDPR?

Answer 4

(1) Messages that do not include personal data, and
(2) Messages that are purely service related

Question 5

True or False: Under the GDPR, individuals have a limited right to object to direct marketing, only in certain circumstances.

Answer 5

FALSE - individuals have an absolute right to object to direct marketing.

Question 6

How does the GDPR apply to direct marketing?

Answer 6

It applies to all direct marketing.

Question 7

How does the ePrivacy Directive apply to direct marketing?

Answer 7

It applies to DIGITAL MARKETING, specifically outlining rules to impact avertising behaviour.

Question 8

What requirements does the GDPR place on Controllers with respect to direct marketing?

Answer 8

(1) Clearly and explicitly inform individual of right to opt out,
(2) Allow opt out across all channels and
(3) Honor opt out requests, remove personal data and profiling.

Question 9

True or False. Postal marketing are subject to the ePrivacy Directive

Answer 9

False.

Question 10

True or False: Telephone marketers are subject to the ePrivacy Directive.

Answer 10

True.

Controllers must ensure they satisfy the general requirements of the GDPR.

Question 11

True or False. Email marketers are subject to the ePrivacy Directive.

Answer 11

True.

Controllers must ensure they satisfy the general requirements of the GDPR.

Question 12

True or False: In the absence of mandated consent, controllers may require on legitimate interests for direct marketing

Answer 12

True subject to conditions

Question 13

What are the conditions that allow direct marketers to rely on legitimate interests in the absence of mandated consent for direct marketing?

Answer 13

Balance the following:
(1) Whether individual is existing customer
(2) Nature of products/services
(3) Whether controller previously told individual whether they would send direct marketing communications

Question 14

True or False. Mandated consent is required for direct postal marketing

Answer 14

True in MOST member states

Question 15

True or False. Email marketing requires prior consent.

Answer 15

True - subject to additional considerations

Question 16

True or False. A controller may send unlimited email marketing material provided they have the individuals consent.

Answer 16

False.

Even with consent, email marketing is still limited by the following:
(1) Controller markets similar material
(2) Individual must have ability to opt out at time details are collected
(3) Individual is reminded of ability to opt out with each communication

Question 17

Name information that must be included to recipients of direct marketing emails.

Answer 17

(a) Address for opt out
(b) clear identity of sender
(c) Clear indication of commercial message
(d) Clear promotional offers
(e) Clearly identified promotional competitions

Question 18

Define: Online behavioural advertising

Answer 18

Advertising based on individual interests.

Question 19

Example: Facebook loves to marketing to individuals via what style of direct marketing.

Answer 19

Online behavioural advertising

Question 20

True or False: the ePrivacy directive will apply to online behavioral advertising, regardless of whether the data constitutes personal data.

Answer 20

True

Question 21

True or False. Under the ePrivacy Directive, consent is required to use cookies.

Answer 21

True.

Article 5(3)

Question 22

Define web cookies.

Answer 22

Text file stored by website for later use.

Question 23

What is a text file stored by a website for later use?

Answer 23

Web Cookie

Question 24

What is shared infrastructure governed by a supplier?

Answer 24

Cloud Computing

Question 25

Define a controller with respect to cloud computing,

Answer 25

i. Determines substantial and essential elements of the means of processing
ii. Processes data for own purpose, or
iii Determines aspects of processing outside controller’s instruction

Question 26

What is a site that users IP address, cookies, user log files, etc.

Answer 26

Search Engine

Question 27

Define a search engine with respect to data usage

Answer 27

Site that uses IP address, cookies, user log files, etc.

Question 28

True or False. Search engines are data controllers

Answer 28

True

Question 29

What is SNS?

Answer 29

Social Network Services

Question 30

Are Social Network Services (SNS) Providers data conrollers?

Answer 30

Yes

Question 31

What transparency obligations are applicable to SNS Providers?

Answer 31

Transparency Obligations
(i) Marketing purposes and right to opt out
(ii) Personal data shared with third parties
(iii) Also, profiling, sensitive personal data, risks to privacy, and consent to third party.

Question 32

What is outsourcing?

Answer 32

when data processing is carried out by another party, such as a service bureau.

Question 33

True or False: The GDPR established direct legal obligations between processors and controllers.

Answer 33

True.

The GDPR establishes direct legal obligations applicable to service providers acting as ‘processors’ whilst giving an increased emphasis to the contractual obligations in place between customers and data processing service providers.

Question 34

Which party is primarily responsible for data privacy compliance?

Answer 34

Data Controller.

Question 35

What is an example as location based marketing?

Answer 35

“Individuals passing by their local coffee shop may receive an invitation for a free coffee, whilst those passing retail outlets may be offered a discount to enter the store and do some shopping.”

Excerpt From
IAPP_E_TB_European-Data-Protection_2nd_Edition
This material may be protected by copyright.

Question 36

True or False. The GDPR will apply in most location based marketing.

Answer 36

True.

“The Regulation applies whenever the use of location data involves processing of personal data and therefore will apply in most, if not all, instances of location-based marketing”

Excerpt From
IAPP_E_TB_European-Data-Protection_2nd_Edition
This material may be protected by copyright.

Question 37

True or False. The ePrivacy directive requires opt in consent to use their location data.

Answer 37

True.

“The ePrivacy Directive requires that individuals give opt-in consent to use their location data to provide a ‘value-added service’.19”

Excerpt From
IAPP_E_TB_European-Data-Protection_2nd_Edition
This material may be protected by copyright.