According to the GDPR, when is a data protection impact assessment (DPIA) obligatory?
When a project includes technologies or processes that use personal data. Incorrect. Only for technologies and processes that are likely to result in a high risk to the rights of data subjects is the DPIA mandatory.
When processing is likely to result in a high risk to the rights of data subjects. Correct. For processing operations which are likely to result in a high risk, a DPIA is obligatory to assess those risks and to design mitigation measures. (Literature: A, Chapter 6; GDPR Article 35)
When similar processing operations with comparable risks are repeated. Incorrect. This is a case in which a DPIA does not need to be repeated.