File Info
| Exam | EXIN Privacy and Data Protection Foundation |
| Number | PDPF |
| File Name | Exin.PDPF.SelfTestEngine.2018-12-02.17q.vcex |
| Size | 13 KB |
| Posted | Dec 02, 2018 |
| Download | Exin.PDPF.SelfTestEngine.2018-12-02.17q.vcex |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
According to the GDPR, for which situations should a Data Protection impact Assessment (DPIA) be conducted?
- For all projects that include technologies or processes that require data protection
- For all sets of similar processing operations with comparable risks
- For any situation where technologies and processes will be subject to a risk assessment
- For technologies and processes that are likely to result in a high risk to the rights of data subjects
Correct answer: A
Explanation:
Reference: https://eugdprcompliant.com/dpia-guidelines/ Reference: https://eugdprcompliant.com/dpia-guidelines/
Question 2
While paying with a credit card, the card is skimmed (i.e. the data on the magnetic strip is stolen). The magnetic strip contains the account number, expiration date, cardholder’s name and address, PIN number and more.
What kind of a data breach is this?
- Material
- Non-material
- Verbal
Correct answer: B
Question 3
Someone regularly receives offers from a store where he purchased something five years ago. He wants the company to stop sending offers and to wipe his personal data.
Which aspect of the rights of a data subject in the General Data Protection Regulation (GDPR) requires the company to comply?
- The right to erasure
- The right to rectification
- The right to restriction of processing
- The right to withdraw consent
Correct answer: D
Explanation:
Reference: https://gdpr-info.eu/art-7-gdpr/ Reference: https://gdpr-info.eu/art-7-gdpr/
Question 4
Important technical requirements set out in the General Data Protection Regulation (GDPR) are about data quality. One is the obligation to ensure appropriate security, including protection against unauthorized or unlawful processing.
What is another important technical requirement?
- To ascertain that personal data collection is adequate, relevant and limited to what is necessary in relation to the purposes
- To control that data collected for specified, explicit and legitimate purposes is not further processed for other purposes
- To keep personal data accurate and up to date, ensuring that inaccurate data are erased or rectified without delay
- To make sure that personal data is processed lawfully, fairly and in transparent manner in relation to the data subject
Correct answer: A
Explanation:
Reference: http://www.privacy-regulation.eu/en/article-5-principles-relating-to-processing-of-personal-data-GDPR.htm Reference: http://www.privacy-regulation.eu/en/article-5-principles-relating-to-processing-of-personal-data-GDPR.htm
Question 5
According to the GDPR, what is a mandatory topic in a DPIA report?
- Systematic description of the fiduciary duties to ensure compliance to all relevant laws and regulations
- An assessment of the necessity and proportionality of the processing operations in relation to the purposes
- The documentation of the risks to the rights and freedoms of the data protection officer
- The measures envisaged to address the privacy compliance frameworks risks
Correct answer: B
Question 6
What is the role of the one assigned the responsibility to govern the purposes and means of processing personal data within an organization, according to the GDPR?
- Controller
- Data Protection Officer
- Data Subject
- Processor
Correct answer: A
Explanation:
Reference: https://www.i-scoop.eu/gdpr/data-controller-data-controller-duties/ Reference: https://www.i-scoop.eu/gdpr/data-controller-data-controller-duties/
Question 7
The GDPR states that records of processing activities must be kept by the controller. To whom must the controller make these records available, if requested?
- The data processor
- The Data Protection Officer
- The European Commission
- The supervisory authority
Correct answer: D
Explanation:
Reference: https://www.whitecase.com/publications/article/chapter-10-obligations-controllers-unlocking-eu-general-data-protection Reference: https://www.whitecase.com/publications/article/chapter-10-obligations-controllers-unlocking-eu-general-data-protection
Question 8
Which situation is considered a data breach according to the GDPR?
- A processor deletes personal data after his contract with the controller expired.
- A processor leaves his computer unattended, where colleagues may be able to access it.
- After a disk crash a processor restores personal data from a recent back-up.
- After processing a processor deletes personal data on instruction of the controller.
Correct answer: B
Question 9
A controller is processing personal data based on consent of the data subjects. There are no other legitimate grounds. While processing, the controller discovers that a data subject whose consent for the processing had been received, has died since.
What, according to the GDPR, will be the consequences for the controller with regard to the processing?
- The controller can proceed with the processing as intended.
- The controller can proceed, but only for the purposes for which consent has been given.
- The controller must act as if the data subject has withdrawn consent and erase his/her data.
- The controller needs to find the heir in order to require consent for the processing.
Correct answer: A
Explanation:
Reference: https://spectrum.ieee.org/telecom/internet/your-guide-to-the-gdpr Reference: https://spectrum.ieee.org/telecom/internet/your-guide-to-the-gdpr
Question 10
According to the GDPR, what is the main reason to consider data protection in the initial design phase?
- It ensures efficiency in project phases
- It ensures privacy by default
- It reduces the risk of fraud
- It reduces the risk of liability
Correct answer: B
