Free Preparation Discussions
MENU
Exin Exam PDPF Topic 1 Question 81 Discussion
Topic #: 1
Article 33 of the GDPR deals with ''Notification of a personal data breach to the supervisory authority''.
Paragraph 3 sets out the minimum information that must be included in this notification. Which of the below is one of these?
Yes, because the shopkeeper cannot identify the owner of the telephone. Incorrect. The issue is not whether the shopkeeper can identify the visitor, but that it is technically possible to do so.
Yes, because the visitor has automatically consented by connecting to the Wi-Fi. Incorrect. Consent must be an active, informed and free act of agreement to the processing. To see a MAC-address, the visitor does not need to be logged onto the Wi-Fi.
No, because the telephones MAC-address must be regarded as personal data. Correct. The phone's signal is a unique code that can be linked to the owner of the phone. The data must be regarded as personal data, because it is technically possible to identify the visitor. (Literature: A, Chapter 3; GDPR Article 26 and 30)
No, because the telephone providers are the owners of the MAC-addresses. Incorrect. The shopkeeper is not allowed to keep the data or process it because it must be regarded as personal data. The telephone provider is not the owner of the MAC-address, nor is the telephone provider protected by the GDPR.
Diane
2 days ago