Free Preparation Discussions
MENU
Exin PDPF Exam Questions
- Topic 1: Right to Object and Automated Individual Decision-Making/ Data Protection history in ‘birds view’
- Topic 2: Purpose Limitation and Purpose Specification/ Definitions and Historical Context
- Topic 3: Legitimate Grounds and Purpose Limitation/ Right to restriction of processing
- Topic 4: Material and territorial scope of the GDPR/ Lawfulness, Fairness and Transparency
- Topic 5: Regulation versus Directive/ Transparent Information, Communication and Modalities
- Topic 6: Direct, indirect, pseudonymized personal data/ Processing of Personal Data
- Topic 7: Information to be provided to the data subject in any case/ Legitimate Grounds for Processing
- Topic 8: Information on and Access to Personal Data/ Information to be provided to the data subject when transferring personal data
- Topic 9: Right of Access (Inspection) by the Data Subject/ Automated individual decision-making, including profiling
Free Exin PDPF Exam Actual Questions
Note: Premium Questions for PDPF were last updated On Nov. 08, 2024 (see below)
A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal dat
a. Which role in data protection is defined here?
Controller: Correct. The controller determines the purpose and means of the processing. (Literature: A, Chapter 1; GDPR Article 4(7))
Processor: Incorrect. The controller determines the purpose of the processing, the processor works on the controller's instructions.
Supervisory authority: Incorrect. The supervisory authority monitors and enforces compliance with the GDPR requirements.
Third party: Incorrect. A third party has no role in determining the purpose of the processing. Any party that determines the purpose would become a new controller.
What is the term used in the General Data Protection Regulation (GDPR) for the disclosure of, or unauthorized access to, personal data?
GDPR uses the term data breach.
Article 4 paragraph 12
'personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
To plan the amount of parking space needed, a local government monitors and saves the license plate number of every car that enters and leaves the city center. They have obtained permission to collect data on the number of cars present in the city center. By comparing the license plate time of entry and exit the number of cars present every moment of each day is calculated. Each month a report is created detailing the average number of cars in the city center at specific moments for every day of the week. At every entrance to the city center, a billboard clearly states what data is collected by whom, the purpose of the processing and the fact that the license plate numbers are saved securely for up to two years, because the measurements will be repeated next year. Which of the basic principles for legitimate processing of personal data is violated in this scenario?
Personal data are collected for specified, explicit and legitimate purposes and not further processed. Incorrect. The local government is entitled to collect data on the number of cars present.
Personal data are kept in a form permitting identification of data subjects for no longer than is necessary. Correct. In the given scenario, there is no need to retain the data of a specific car identifying the owner once it has left the area (Literature: A, Chapter 2; GDPR Article 5)
Personal data are processed in a manner that ensures appropriate security of the personal data. Incorrect. The scenario does not suggest inappropriate security.
Personal data are processed in a transparent manner in relation to the data subject. Incorrect. The processing is taking place transparently, since it is communicated properly to the data subjects.
A Belgian company has their headquarters in France for tax purposes. They enter into a legally binding contract with a processor in the Netherlands for the processing of personal data of data subjects with various nationalities. A personal data breach occurs. The supervisory authorities start an investigation. Why is the French supervisory authority seen as the lead supervisory authority?
Because France is located in the middle of Europe. Incorrect. The geographical position of the countries is irrelevant.
Because France is the largest of the three EEA countries. Incorrect. The size of the countries is irrelevant.
Because the company has their headquarters in France. Correct. The country of the main establishment determines the lead supervisory authority. The 'main establishment' is the place of the central administration of that organization, or in other words: headquarters. (Literature: A, Chapter 7)
According to the GDPR, what is a task of a supervisory authority?
Implement technical and organizational measures to ensure compliance. Incorrect. This is the task of the controller.
Investigate security breaches of corporate information. Incorrect. Only breaches of personal data are a concern of the supervisory authority.
Monitor and enforce the application of the GDPR. Correct. This is the main task of any supervisory authority. (Literature: A, Chapter 7)
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Pura
1 days agoRex
6 days agoAlberto
10 days agoGerri
23 days agoXochitl
26 days agoProvidencia
1 months agoBuck
1 months agoVerlene
1 months agoGearldine
2 months agoDahlia
2 months agoSabina
2 months agoChara
4 months agoMargery
4 months agoLisandra
5 months ago