Free Preparation Discussions
MENU
Exin PDPF Exam Questions
- Topic 1: Right to Object and Automated Individual Decision-Making/ Data Protection history in ‘birds view’
- Topic 2: Purpose Limitation and Purpose Specification/ Definitions and Historical Context
- Topic 3: Legitimate Grounds and Purpose Limitation/ Right to restriction of processing
- Topic 4: Material and territorial scope of the GDPR/ Lawfulness, Fairness and Transparency
- Topic 5: Regulation versus Directive/ Transparent Information, Communication and Modalities
- Topic 6: Direct, indirect, pseudonymized personal data/ Processing of Personal Data
- Topic 7: Information to be provided to the data subject in any case/ Legitimate Grounds for Processing
- Topic 8: Information on and Access to Personal Data/ Information to be provided to the data subject when transferring personal data
- Topic 9: Right of Access (Inspection) by the Data Subject/ Automated individual decision-making, including profiling
Free Exin PDPF Exam Actual Questions
Note: Premium Questions for PDPF were last updated On Apr. 06, 2025 (see below)
A secretary at a pediatric cardiology clinic instead of sending the doctor the list of patients scheduled for the day, sends it to all those responsible registered for the children with scheduled appointments.
According to the GDPR, does the Supervisory Authority need to be notified? And those responsible for the data holders?
This is an issue that addresses two very important points -- sensitive data and data from minors.
As these are, it is necessary to inform the Supervisory Authority and those responsible for the data subjects. Article 34 mentions:
1. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
Recital 38 says:
Children merit specific protection regarding their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. Such specific protection should, in particular, apply to the use of personal data of children for the purposes of marketing or creating personality or user profiles and the collection of personal data with regard to children when using services offered directly to a child. The consent of the holder of parental responsibility should not be necessary in the context of preventive or counselling services offered directly to a child.
We know that when browsing the internet there is a lot of personal data that is collected. One mechanism for collecting this data is cookies.
How do marketers use this collected personal data?
There are some types of cookies, each with its own purpose.
Cookies are considered personal data, as they can identify a person.
In the case of the issue we are talking about the Tracking Cookies. These monitor our browsing activities and bombard us with advertisements and advertisements.
You may have already encountered the situation of searching for a particular product on the internet and then seeing ads for that product or similar on various websites.
Article 33 of the GDPR deals with ''Notification of a personal data breach to the supervisory authority''.
Paragraph 3 sets out the minimum information that must be included in this notification. Which of the below is one of these?
These are the minimum information that a notification of personal data breach to the supervisory authority must contain:
3. The notification referred to in paragraph 1 shall at least:
a) Describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
b) Communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
c) Describe the likely consequences of the personal data breach;
d) Describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
A person finds that a private videotape showing her in a very intimate situation has been published on a website. She never consented to publication and demands that the video is being removed without undue delay.
According to the GDPR, what should be done next?
The GDPR refers to the principles of proportionality and subsidiarity. What is the meaning of subsidiarity in this context?
Personal data can only be processed in accordance with the purpose specification. Incorrect. This is one of the legal limitations.
Personal data cannot be reused without explicit and informed consent. Incorrect. This is one of the legal limitations.
Personal data may only be processed when there are no other means to achieve the purposes. Correct. This is the definition of subsidiarity. (Literature: A, Chapter 3; GDPR Article 35(7))
Personal data must be adequate, relevant and not excessive in relation to the purposes. Incorrect. This is the definition of proportionality.
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Carmen
10 days agoStacey
14 days agoEdwin
29 days agoJeanice
1 months agoElly
1 months agoDeandrea
2 months agoMargarett
2 months agoYen
2 months agoAlyssa
3 months agoTamra
3 months agoElbert
3 months agoRicarda
3 months agoThea
4 months agoAmber
4 months agoLawrence
4 months agoNoah
4 months agoRima
4 months agoCorinne
5 months agoGlenn
5 months agoPura
5 months agoRex
5 months agoAlberto
5 months agoGerri
6 months agoXochitl
6 months agoProvidencia
6 months agoBuck
6 months agoVerlene
6 months agoGearldine
7 months agoDahlia
7 months agoSabina
7 months agoChara
9 months agoMargery
9 months agoLisandra
10 months ago