Free Exin PDPF Exam Dumps and PDPF Exam Questions

Question No: 1

MultipleChoice

What is the essence of the principle Full Lifecycle Protection?

Options

ADelivering the maximum degree of data protection by default, ensuring that personal data are automatically protected in any given IT system or business practice.

BEnsuring that whatever business practice or technology is involved, processing is done according to the stated objectives, subject to independent verification

CEmbedding security measures to protect the data horn the moment it is collected throughout processing until M is destroyed at the end of the process

DPrioritizing the protection of the interests of the individual by offering for example strong privacy defaults, appropriate notice or user-friendly options.

Question No: 2

MultipleChoice

A processor is instructed to report on customers who bought a product both last month and at least once in the three months before that Unfortunately, the processor makes a mistake and uses personal data collected by another controller for a different purpose.

The mistake is found before the report is created, and nobody had access to personal date he or she should not have had access to.

How should the processor act on this situation and what should the controller do if anything?

Options

AThe processor must notify the controller and the controller most notify the Data Protection Authority of a data breach.

BThe processor must notify the controller of a data breach. The controller must assess the possible risk to the data subjects.

CThe processor must notify the Data Protection Authority of a data breach. The controller must execute a PIA to assess the risk to data subjects.

DThe processor must restart processing using the right data. There is no need for the controller to act.

Question No: 3

MultipleChoice

The Supervisory Authority is notified whenever an organization intends to process personal data, except for some specific situations. The Supervisory Authority keeps a publicly accessible register of these data processing operations.

What else is a legal obligation of the Supervisory Authority in reaction to such a not ideation?

Options

ATo assess compliance with the law in all cases where sensitive personal data is processed

BTo assess the legitimacy of operations that involves specific risks for the data subjects

CTo assess the legitimacy of binding contract(s) between lite controller and the data processor(s)

DTo give out a license for the data processing, specifying the types of personal data which are allowed

Question No: 4

MultipleChoice

Someone regularly receives offers from a store where he purchased something five years ago.

He wants the company to stop sending offers and to wipe his personal data.

Which aspect of the right of a data subject in the General Data Protection Regulation (GDRP) requires the company to comply?

Options

AThe right to erasure

BThe right to rectification

CThe tight to reduction of processing

DThe right to withdraw consent

Question No: 5

MultipleChoice

Important technical requirements set out in the General Data Protection Regulation (GDPR) are about quality. One is the obligation to ensure appropriate security, including protection against authentication against unauthorized or unlawful processing.

What is another important technician requirement?

Options

ATo ascertain that personal data collection is adequate, relevant and limited to what is necessary in relation to the purposes

BTo control that data collected for specified, explicit and legitimate purposes is not further processed for other purposes

CTo keep personal data accurate and up to date, ensuring, that inaccurate data are erased or rectified without delay

DTo make sure that personal data is processed lawfully, fairly and in a transparent manner in relation to the data subject

Question No: 6

MultipleChoice

According to the GDPR, what is a mandatory topic in a report?

Options

AA systematic description of the fiduciary duties to insure compliance to all laws relevant laws and regulations

BAn assessment of the necessity and proportionally of the processing operations in relation to the purposes

CThe documentation of the risks to the rights and freedoms of the data protection officer

DThe measures envisaged to address the privacy compliance frameworks risks

Question No: 7

MultipleChoice

What is the role of the one assigned responsibility to govern the purposes and means of processing personal data within an organization, according to the GDPR?

Options

AController

BData Protection Officer

CData Subject

DProcessor

Question No: 8

MultipleChoice

The GDPR states that records of processing activities must be kept by the controller. To whom must the controller make these records available records available, if requested?

Options

AThe data processor

BThe Data Protection Officer

CThe European Commission

DThe supervisory authority

Question No: 9

MultipleChoice

Which situation is considered a data breach according to the GDRP?

Options

AA processor deletes personal data after his contract with the controller expired.

BA processor leaves his computer unattended, where colleagues may be able to access it.

CAlter a disk crash a processor restores personal data from a recent back-up.

DAfter processing a processor delete personal data on instruction of the controller

Question No: 10

MultipleChoice

What does the GDPR concept of 'binding corporate rules' (BCR) imply?

Options

AA commission decision on the safety of data transfer to a third country

BA set of rules used by a group of enterprises concerning personal data protection in international transfers

CMeasures to compensate for the lack of data protection in a third country

DRules covering data transfers between third countries