Exin PDPF Exam Questions - Real Practice Questions for Guaranteed Success

Question 1

What is the definition of Supervisory Authority according to the GDPR?

AIndividual or legal entity processing personal data on behalf of the person responsible for processing personal data.

BAn independent public authority created by a Member State.

CIndividual or legal entity that is not authorized to process personal data

DIndividual or legal entity that, individually or in conjunction with others, determines the purposes and means of processing personal data.

Correct : B

Article 4 dealing with the GDPR Definitions says in its paragraph 21:

'supervisory authority' means an independent public authority which is established by a Member State pursuant to Article 51.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AIndividual or legal entity processing personal data on behalf of the person responsible for processing personal data.

BAn independent public authority created by a Member State.

CIndividual or legal entity that is not authorized to process personal data

DIndividual or legal entity that, individually or in conjunction with others, determines the purposes and means of processing personal data.

0 / 1500

Question 2

Who is responsible for demonstrating the compliance of personal data processing with the General Data Protection Regulation (GDPR)?

AThe Data Protection Officer (DPO)

BThe processor

CThe controller

DThe supervisory authority

Correct : C

The front line with the data holder is the Controller, see image. So, it is he who has to show compliance, who must be concerned with the legality of processing, who must implement security measures.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AThe Data Protection Officer (DPO)

BThe processor

CThe controller

DThe supervisory authority

0 / 1500

Question 3

To comply with the General Data Protection Regulation (GDPR) it is necessary to create a procedure for reporting data breaches to the Supervisory Authority.

As the controller is a public administration agency, which option is a requirement for this procedure?

AIt must contain a step to perform a Data Protection Impact Analysis (DPIA).

BIt must include an audit step.

CIt should include a step to consult the Data Protection Officer (DPO) in order to determine whether notification to the Supervisory Authority is necessary.

DIt must contain a step to notify the data subject.

Correct : C

It is not necessary to inform the Supervisory Authority of any violation that occurs. But every violation must be analyzed with caution and attention. It is not necessary to notify the Supervisory Authority only if it does not present risks to the data subjects.

The DPO must always be involved to guide the best strategy and action for each violation that occurs. Article 38 legislates on the position of the data protection officer:

1. The controller and the processor shall ensure that the data protection officer is involved, properly and in a timely manner, in all issues which relate to the protection of personal data.

It is clear that the DPO -- Data Protection Officer, must be involved in the entire data processing life cycle. From its collection to its exclusion.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AIt must contain a step to perform a Data Protection Impact Analysis (DPIA).

BIt must include an audit step.

CIt should include a step to consult the Data Protection Officer (DPO) in order to determine whether notification to the Supervisory Authority is necessary.

DIt must contain a step to notify the data subject.

0 / 1500

Question 4

A person who works for a union took home a draft newsletter to finish it. The thumb drive containing the draft and contact list has been lost. To whom, among others, this data breach should be reported?

ATo all members of the contact list

BTo the Union staff

CTo the police

Correct : A

This is sensitive data, so the loss must be reported to both the responsible authority and the data subjects.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ATo all members of the contact list

BTo the Union staff

CTo the police

0 / 1500

Question 5

Which of the following has a data breach under the General Data Protection Regulation (GDPR)?

AA processor, after terminating its contract with the controller, deletes personal data.

BA collaborator goes away without locking his workstation.

CA backup is restored by the controller to a corrupted personal data server.

DA notebook with financial reports from a multinational is stolen.

Correct : B

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AA processor, after terminating its contract with the controller, deletes personal data.

BA collaborator goes away without locking his workstation.

CA backup is restored by the controller to a corrupted personal data server.

DA notebook with financial reports from a multinational is stolen.

0 / 1500

Master Exin PDPF Exam with Reliable Practice Questions

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users: