PDPF Exam Dumps - Privacy and Data Protection Foundation

Question # 4

In the European Union we have: Directives and Regulations. What is the difference between them?

A. The regulation provides guidance for EU Member States and they can create their own laws to conform to the regulation. A directive has the force of law and all EU Member States must follow it without changing it.

B. The directive provides guidance for EU member states and they can create their own laws to suit the directive. A regulation has the force of law and all EU Member States must follow it without changing it.

Question # 5

An architect, leaving a building site, puts his laptop for a moment beside his car on the road, while answering his phone. When driving away he sees in the mirror his laptop being crushed by an enormous lorry driving over it. All his files on the design of the building and the calculations he worked on are lost. His only consolation is that those were the only files on the device.

In terms of the GDPR, what happened?

A. a data breach

B. a security incident

C. a security issue

D. a vulnerability

Question # 6

When is a Data Protection Impact Assessment (DPIA) under the General Data Protection Regulation (GDPR) mandatory?

A. Application of new technologies that may imply a high risk to the rights and freedoms of data subjects.

B. There is no security policy and information security risk analysis.

C. In all types of personal data processing.

Question # 7

A company CEO travels to a meeting in another city. He takes a notebook with information about the company’s new projects and acquisitions, which will be the subject of discussion at this meeting. These are the only data stored on the notebook.

The notebook accidentally falls into the hotel’s pool and all data is lost.

What happened, considering the General Data Protection Regulation (GDPR)?

A. A security incident

B. A vulnerability

C. A data breach

D. A security risk

Question # 8

One of the basic principles of the General Data Protection Regulation (GDPR) is subsidiarity.

What is subsidiarity to GDPR?

A. Personal data can only be collected for explicit, legitimate and specific purposes and cannot be processed for any other purpose.

B. Only the personal data needed to achieve a specific purpose should be collected.

C. The least privacy-violating means should be used when processing personal data.

D. Personal data must be kept for a period not longer than necessary.

Question # 9

What is the purpose of Data Lifecycle Management (DLM)?

A. Ensure data integrity and its periodic update

B. Ensure data confidentiality and availability throughout its useful life.

C. Ensure that the processing of personal data, throughout its useful life, complies with the GDPR

D. Ensure data confidentiality throughout its useful life, from collection to deletion.

Question # 10

Someone regularly receives offers from a store where he purchased something five years ago. He wants the company to stop sending offers and to wipe his personal data.

Which aspect of the rights of a data subject in the General Data Protection Regulation (GDPR) requires the company to comply?

A. The right to erasure

B. The right to rectification

C. The right to restriction of processing

D. The right to withdraw consent

Question # 11

Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Which data processing principle is described here?

A. Purpose limitation

B. Data minimization

C. Accuracy

D. Fairness and transparency

Question # 12

What is the definition of Supervisory Authority according to the GDPR?

A. Individual or legal entity processing personal data on behalf of the person responsible for processing personal data.

B. An independent public authority created by a Member State.

C. Individual or legal entity that is not authorized to process personal data

D. Individual or legal entity that, individually or in conjunction with others, determines the purposes and means of processing personal data.

Question # 13

What is the relationship between data protection and privacy?

A. Data protection and privacy are synonyms and have the same meaning.

B. Data protection refers to the measures needed to protect a person’s privacy.

C. Data protection is the part of privacy that protects a person’s physical integrity.

Question # 14

To comply with the General Data Protection Regulation (GDPR) it is necessary to create a procedure for reporting data breaches to the Supervisory Authority.

As the controller is a public administration agency, which option is a requirement for this procedure?

A. It must contain a step to perform a Data Protection Impact Analysis (DPIA).

B. It must include an audit step.

C. It should include a step to consult the Data Protection Officer (DPO) in order to determine whether notification to the Supervisory Authority is necessary.

D. It must contain a step to notify the data subject.

Question # 15

Which of the alternatives describes one of the Supervisory Authority’s responsibilities?

A. Supervise the processing of data of holders residing in a country belonging to the European Economic Area (EEA).

B. Consider the nature of the treatment, and as far as possible, assist the controller in order to enable the controller to fulfill his obligation.

C. Provide the controller with all necessary information to demonstrate compliance with obligations.

D. Apply technical and organizational measures to ensure that only personal data that are necessary for each specific purpose of processing are processed.

Question # 16

The General Data Protection Regulation (GDPR) came into effect on May 25, 2018. What is the legal status of this regulation?

A. The GDPR is a functional law in all EU member states and Member States cannot rectify it.

B. The GDPR is only a recommendation. Member States should create laws to suit

C. Some articles in the GDPR provide guidance and allow Member States to draft more specific laws to suit.

Question # 17

Which data subject right is explicitly defined by the GDPR?

A. A copy of personal data must be provided in the format requested by the data subject.

B. Personal data must always be erased if the data subject requests this.

C. Access to personal data must be provided free of charge for the data subject.

D. Personal data must always be changed at the request of the data subject.

Question # 18

In the contract between the controller and processor for the processing of personal data, which of the options below represents the sole responsibility of the Controller?

A. Erase all personal data after the completion of treatment-related services, deleting existing copies.

B. Treat personal data only through documented instructions, including with regard to data transfers to third countries or international organizations.

C. Ensure that the persons authorized to process personal data have made a commitment to confidentiality.

D. Apply technical and organizational measures to ensure that only personal data that are necessary for each specific purpose of processing are processed.

Question # 19

According to the GDPR, for which situations should a Data Protection Impact Assessment (DPIA) be conducted?

A. For all projects that include technologies or processes that require data protection

B. For all sets of similar processing operations with comparable risks

C. For any situation where technologies and processes will be subject to a risk assessment

D. For technologies and processes that are likely to result in a high risk to the rights of data subjects

Question # 20

What is the most important difference between the 95/46/EC and the GDPR?

A. 95/46/EC applies as law in all EEA member states while the GDPR is a guidance.

B. 95/46/EC applies to processing of data on EEA residents worldwide and the GDPR does not.

C. The GDPR applies as law in all EEA member states while 95/46/EC is a guidance.

D. The GDPR applies to persons and organizations which process personal data within EEA member states. The scope of 95/46/EC is more restricted in this aspect.

Question # 21

What is the definition of privacy related to the General Data Protection Regulation (GDPR)?

A. A situation in which one is not observed or disturbed by the government or uninvited people.

B. The right to respect for a person’s private and family life, his home and his correspondence.

C. The fundamental right to respect a person’s physical and mental integrity.

D. The right to be protected against unsolicited intrusion into a computer or network and the processing of personal data by third parties.

Question # 22

The controller responsible for the UK Child Sexual Abuse Investigation body reported a data breach to the supervisory authority in the UK on 28 February 2019.

People who had registered their interest in participating in forums and debates for victims of child sexual abuse received an email that contained the email addresses of everyone else who had also registered.

Which category does this data breach fit into?

A. This data breach should only be reported to the Data Protection Authority.

B. This data breach should only be reported to data subjects.

C. It is not necessary to notify the Supervisory Authority, as this data breach presents minimal risks to the holders.

D. This data breach must be reported to the Data Protection Authority and the data subjects.
