Download Exin.PDPF.TestKing.2019-10-23.24q.vcex

Download Exam

File Info

Exam EXIN Privacy and Data Protection Foundation
Number PDPF
File Name Exin.PDPF.TestKing.2019-10-23.24q.vcex
Size 18 KB
Posted Oct 23, 2019
Download Exin.PDPF.TestKing.2019-10-23.24q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%





Demo Questions

Question 1

A German company wants to enter into a binding contract with a processor in the Netherlands for the processing of sensitive personal data of German data subjects. The Dutch Supervisory Authority is informed of the type of data and the aims of the processing, including the contract describing what data will be processed and what data protection procedures and practices will be in place. 
According to the GDPR, what should the Dutch Supervisory Authority do in this scenario?


  1. Report the data processing to the German Supervisory Authority and leave the supervising to them.
  2. Supervise the processing of personal data in accordance with Dutch Law.
  3. Supervise the processing of personal data in accordance with German Law.
  4. The Dutch Supervisory Authority should check that adequate binding contracts are in place. The German Supervisory Authority should supervise.
Correct answer: D



Question 2

For processing of personal data to be legal, a number of requirements must be fulfilled. 
What is a requirement for lawful personal data processing?


  1. A ‘code of conduct’, describing what the processing exactly entails, must be in place.
  2. The data subject must have given consent, prior to the processing to begin.
  3. The processing must be reported to and allowed by the Data Processing Authority
  4. There must be a legitimate ground for the processing of personal data.
Correct answer: D



Question 3

Important technical requirements set out in the General Data Protection Regulation (GDPR) are about data quality. One is the obligation to ensure appropriate security, including protection against unauthorized or unlawful processing. 
What is another important technical requirement?


  1. To ascertain that personal data collection is adequate, relevant and limited to what is necessary in relation to the purposes
  2. To control that data collected for specified, explicit and legitimate purposes is not further processed for other purposes
  3. To keep personal data accurate and up to date, ensuring that inaccurate data are erased or rectified without delay
  4. To make sure that personal data is processed lawfully, fairly and in transparent manner in relation to the data subject
Correct answer: A
Explanation:
Reference: http://www.privacy-regulation.eu/en/article-5-principles-relating-to-processing-of-personal-data-GDPR.htm
Reference: http://www.privacy-regulation.eu/en/article-5-principles-relating-to-processing-of-personal-data-GDPR.htm



Question 4

According to the GDPR, what is a mandatory topic in a DPIA report?


  1. Systematic description of the fiduciary duties to ensure compliance to all relevant laws and regulations
  2. An assessment of the necessity and proportionality of the processing operations in relation to the purposes
  3. The documentation of the risks to the rights and freedoms of the data protection officer
  4. The measures envisaged to address the privacy compliance frameworks risks
Correct answer: B



Question 5

What is the role of the one assigned the responsibility to govern the purposes and means of processing personal data within an organization, according to the GDPR?


  1. Controller
  2. Data Protection Officer
  3. Data Subject
  4. Processor
Correct answer: A
Explanation:
Reference: https://www.i-scoop.eu/gdpr/data-controller-data-controller-duties/
Reference: https://www.i-scoop.eu/gdpr/data-controller-data-controller-duties/



Question 6

The GDPR states that records of processing activities must be kept by the controller. To whom must the controller make these records available, if requested?


  1. The data processor
  2. The Data Protection Officer
  3. The European Commission
  4. The supervisory authority
Correct answer: D
Explanation:
Reference: https://www.whitecase.com/publications/article/chapter-10-obligations-controllers-unlocking-eu-general-data-protection
Reference: https://www.whitecase.com/publications/article/chapter-10-obligations-controllers-unlocking-eu-general-data-protection



Question 7

Which situation is considered a data breach according to the GDPR?


  1. A processor deletes personal data after his contract with the controller expired.
  2. A processor leaves his computer unattended, where colleagues may be able to access it.
  3. After a disk crash a processor restores personal data from a recent back-up.
  4. After processing a processor deletes personal data on instruction of the controller.
Correct answer: B



Question 8

A controller is processing personal data based on consent of the data subjects. There are no other legitimate grounds. While processing, the controller discovers that a data subject whose consent for the processing had been received, has died since. 
What, according to the GDPR, will be the consequences for the controller with regard to the processing?


  1. The controller can proceed with the processing as intended.
  2. The controller can proceed, but only for the purposes for which consent has been given.
  3. The controller must act as if the data subject has withdrawn consent and erase his/her data.
  4. The controller needs to find the heir in order to require consent for the processing.
Correct answer: A
Explanation:
Reference: https://spectrum.ieee.org/telecom/internet/your-guide-to-the-gdpr
Reference: https://spectrum.ieee.org/telecom/internet/your-guide-to-the-gdpr



Question 9

A personal data breach has occurred and the controller is writing a draft notification for the Supervisory Authority. The document describes the nature of the breach and its possible consequences. It also contains information on the parties that can provide additional information on the data breach to the Supervisory Authority. 
What other information should the controller add?


  1. Information of local and national authorities that have been informed about the data breach.
  2. Name and contact details of the data subjects whose data may be breached.
  3. Suggested measures to mitigate the adverse consequences of the data breach.
  4. The information needed to access the personal data that has been breached.
Correct answer: C



Question 10

The General Data Protection Regulation (GDPR) formalizes the data subject’s right to data portability. 
What is the objective of data portability?


  1. The controller has the right to move the data subject’s personal data from one organization to another.
  2. The data subject has the right to move personal data concerning him or her.
  3. The data subject has the right to move his/her personal data when moving to another country.
  4. The Supervisory Authority authorizes the movement of personal data.
Correct answer: B









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files