Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > EXIN > Privacy & Data Protection > PDPF > PDPF Online Practice Questions and Answers

PDPF Online Practice Questions and Answers

Questions 4

A German company wants to enter into a binding contract with a processor in the Netherlands for the processing of sensitive personal data of German data subjects. The Dutch Supervisory Authority is informed of the type of data and the aims of the processing, including the contract describing what data will be processed and what data protection procedures and practices will be in place.

According to the GDPR, what should the Dutch Supervisory Authority do in this scenario?

A. Report the data processing to the German Supervisory Authority and leave the supervising to them.

B. Supervise the processing of personal data in accordance with Dutch Law.

C. Supervise the processing of personal data in accordance with German Law.

D. The Dutch Supervisory Authority should check that adequate binding contracts are in place. The German Supervisory Authority should supervise.

Buy Now

Correct Answer: D

Questions 5

The General Data Protection Regulation (GDPR) formalizes the data subject's right to data portability.

What is the objective of data portability?

A. The controller has the right to move the data subject's personal data from one organization to another.

B. The data subject has the right to move personal data concerning him or her.

C. The data subject has the right to move his/her personal data when moving to another country.

D. The Supervisory Authority authorizes the movement of personal data.

Buy Now

Correct Answer: B

Questions 6

What is considered a personal data processing for the General Data Protection Regulation (GDPR)?

A. Analysis of data regarding the cause of death in the last 10 years.

B. Creating a backup with records of names, addresses, enrollment of students.

C. Conducting analysis of personal data related to health issues, but which have previously been anonymized.

D. Statistical publication with intention to vote, help anonymously.

Buy Now

Correct Answer: B

Anonymized data is not under the scope of the GDPR, nor are data from deceased persons. Organizations that handle only this type of data do not need to conform to the GDPR.

Anonymized data reads data that is not possible to reverse in order to identify the data subject. There is also pseudonymized data, in which case it is possible to perform the reversal and identify the data holder.

Questions 7

The General Data Protection Regulation (GDPR) allows processing of personal data only for purposes explicitly permitted by law. A tax advisor wants to file income tax returns for a neighbor.

Which of the legitimate grounds in the GDPR applies?

A. Processing of the personal data is permitted in this case with explicit consent of the data subject.

B. Processing of the personal data is permitted because this is necessary for compliance with a legal obligation to which the controller is subject.

C. Processing of personal data is permitted in the course of a purely personal or household activity.

Buy Now

Correct Answer: A

Questions 8

What is the main purpose of the General Data Protection Regulation (GDPR)?

A. Protecting the data of everyone in Europe.

B. Protect the data of everyone in the world.

C. Protect data of data subjects located in the European Economic Area (EEA), regardless of the country of processing.

D. Protect confidential business data.

Buy Now

Correct Answer: C

Besides to what many persons think, the GDPR does not apply only to the EU, but to all member countries of the European Economic Area (EEA) that includes, in addition to the EU member countries, Iceland, Liechtenstein and Norway.

Questions 9

In its Article 9 the GDPR categorizes some types of personal data as "sensitive".

Of these below which are considered sensitive?

A. Date of birth of a person.

B. A person's home address.

C. Soccer team that a person supports.

D. Result of a medical examination.

Buy Now

Correct Answer: D

As stated in the statement, Article 9 concerns the treatment of special categories of personal data, also called sensitive data.

This is a type of question that is often asked by EXIN. Important to remember which types of data are categorized as sensitive.

Article 9: Processing of special categories of personal data

1. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited.

Examples of sensitive data: Race, skin color, family tree, political party, political party affiliation, religious beliefs, illness, test results, digital, facial recognition and sexual preference. These are just a few examples.

Questions 10

How should data protection between the processor and controller be regulated in accordance with the General Data Protection Regulation (GDPR)?

A. Contract

B. Supervisory Authority endorsement.

C. Compulsory Corporate Rules.

D. Standard contractual clauses.

Buy Now

Correct Answer: A

GDPR requires that there is a contract between the processor and the controller. This contract establishes rules and responsibilities such as: the object and duration of the processing, the nature and purpose of the processing, the type of personal data and the categories of data subjects, and the obligations and rights of the controller. Quote from Article 28:

3. Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.

Questions 11

Which of these should appear in a Data Protection Impact Assessment (DPIA) according to the General Data Protection Regulation (GDPR)?

A. An assessment of the need and proportionality of treatment operations in relation to the objectives.

B. Data Protection Officer (DPO) contact and responsibilities.

C. An inventory and the flow of personal data within the organization.

D. A survey of other laws that must be taken into account in addition to the GDPR.

Buy Now

Correct Answer: A

In its Article 35 the GDPR legislates on the Impact assessment on data protection.

7) The assessment shall contain at least:

a) a systematic description of the envisaged processing operations and the purposes of the processing,

including, where applicable, the legitimate interest pursued by the controller;

b) an assessment of the necessity and proportionality of the processing operations in relation to the

purposes;

c) an assessment of the risks to the rights and freedoms of data subjects referred to in paragraph 1; and

d) the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation taking into account the rights and legitimate interests of data subjects and other persons concerned.

Questions 12

According to the GDPR, when is a data protection impact assessment (DPIA) obligatory?

A. When a project includes technologies or processes that use personal data

B. When processing is likely to result in a high risk to the rights of data subjects

C. When similar processing operations with comparable risks are repeated

Buy Now

Correct Answer: B

When a project includes technologies or processes that use personal data. Incorrect. Only for technologies

and processes that are likely to result in a high risk to the rights of data subjects is the DPIA mandatory.

When processing is likely to result in a high risk to the rights of data subjects. Correct. For processing

operations which are likely to result in a high risk, a DPIA is obligatory to assess those risks and to design

mitigation measures.

(Literature: A, Chapter 6; GDPR Article 35)

When similar processing operations with comparable risks are repeated. Incorrect. This is a case in which

a DPIA does not need to be repeated.

Questions 13

The GDPR does not define privacy as a term but uses the concept implicitly throughout the text. What is a correct definition of privacy as implicitly used throughout the GDPR?

A. The right to respect for one's private and family life, home and personal correspondence

B. The right not to be disturbed by uninvited people, nor being followed, spied on or monitored

C. The fundamental right to protection of personal data, regardless of how it was obtained

D. The right to freedom of opinion and expression and to seeking, receiving and imparting information

Buy Now

Correct Answer: A

The fundamental right to protection of personal data, regardless of how it was obtained. Incorrect. This is a definition of data protection.

The right not to be disturbed by uninvited people, nor being followed, spied on or monitored. Incorrect. This is a definition of physical privacy. However, the GDPR does not concern itself with physical privacy.

The right to respect for one's private and family life, home and personal correspondence. Correct. This is the definition as implicitly used throughout the GDPR. (Literature: A, Chapter 1)

The right to freedom of opinion and expression and to seeking, receiving and imparting information. Incorrect. This is a short version of Universal Declaration of Human Rights Article 19: freedom of opinion and expression.

Exam Code: PDPF
Exam Name: Privacy and Data Protection Foundation
Last Update: Dec 13, 2024
Questions: 149

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2024 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.