New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Exin > Privacy & Data Protection > PDPF

PDPF Privacy and Data Protection Foundation Question and Answers

Question # 4

We know that when browsing the internet there is a lot of personal data that is collected. One mechanism for collecting this data is cookies.

How do marketers use this collected personal data?

A.

Collecting logs from web servers and running campaigns promoting products on social media.

B.

Collecting the logs from the web servers, they analyze which products are most visited and sold, promoting marketing campaigns for these products.

C.

They create behavioral profiles, applying tags to web page visitors. These profiles can be marketed and used in targeted marketing campaigns.

Full Access
Question # 5

What is the main purpose of the General Data Protection Regulation (GDPR)?

A.

Protecting the data of everyone in Europe.

B.

Protect the data of everyone in the world.

C.

Protect data of data subjects located in the European Economic Area (EEA), regardless of the country of processing.

D.

Protect confidential business data.

Full Access
Question # 6

What is the role of the one assigned the responsibility to govern the purposes and means of processing personal data within an organization, according to the GDPR?

A.

Controller

B.

Data Protection Officer

C.

Data Subject

D.

Processor

Full Access
Question # 7

Which of the following has a data breach under the General Data Protection Regulation (GDPR)?

A.

A processor, after terminating its contract with the controller, deletes personal data.

B.

A collaborator goes away without locking his workstation.

C.

A backup is restored by the controller to a corrupted personal data server.

D.

A notebook with financial reports from a multinational is stolen.

Full Access
Question # 8

Who should ask for an opinion after conducting an impact assessment on the protection of personal data (DPIA)?

A.

DPO

B.

Controller

C.

Supervisory Authority

D.

Processor

Full Access
Question # 9

What is the most important difference between the 95/46/EC and the GDPR?

A.

95/46/EC applies as law in all EEA member states while the GDPR is a guidance.

B.

95/46/EC applies to processing of data on EEA residents worldwide and the GDPR does not.

C.

The GDPR applies as law in all EEA member states while 95/46/EC is a guidance.

D.

The GDPR applies to persons and organizations which process personal data within EEA member states.

The scope of 95/46/EC is more restricted in this aspect.

Full Access
Question # 10

A breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. What is the exact term that is associated with this definition in the GDPR?

A.

Security breach

B.

Personal data breach

C.

Confidentiality violation

D.

Security incident

Full Access
Question # 11

Important technical requirements set out in the General Data Protection Regulation (GDPR) are about data quality. One is the obligation to ensure appropriate security, including protection against unauthorized or unlawful processing.

What is another important technical requirement?

A.

To ascertain that personal data collection is adequate, relevant and limited to what is necessary in relation to the purposes

B.

To control that data collected for specified, explicit and legitimate purposes is not further processed for other purposes

C.

To keep personal data accurate and up to date, ensuring that inaccurate data are erased or rectified without delay

D.

To make sure that personal data is processed lawfully, fairly and in transparent manner in relation to the data subject

Full Access
Question # 12

What is the term used in the General Data Protection Regulation (GDPR) for the disclosure of, or unauthorized access to, personal data?

A.

Security incident

B.

Incident

C.

Breach of confidentiality

D.

Data breach

Full Access
Question # 13

Some data processing falls outside of the material scope of the GDPR. What type of processing is not subject to the GDPR?

A.

Creating a back-up of biometric data for data security purposes

B.

Collecting name and address information for a gymnastics club

C.

Editing personal photographs before printing them at home

Full Access
Question # 14

What is the definition of Controller according to GDPR?

A.

An independent public authority created by a Member State

B.

Individual or legal entity that, individually or in conjunction with others, determines the purposes and means of processing personal data.

C.

Individual or legal entity that is not authorized to process personal data.

D.

Individual or legal entity that processes personal data on behalf of the person responsible for processing personal data.

Full Access
Question # 15

A controller wants to outsource processing of personal data to a processor. What must be done before outsourcing?

A.

The processor must show the controller that all demands agreed in the service level agreement (SLA) are met.

B.

The controller and processor must draft and sign a written contract guaranteeing the confidentiality of the data.

C.

The controller must ask the supervisory authority for permission to outsource the processing of the data.

D.

The controller must ask the supervisory authority if the agreed written contract is compliant with the regulations.

Full Access
Question # 16

What is the main reason for performing data protection by design (from conception)?

A.

Develop technical measures for the protection of personal data.

B.

Enable better marketing campaigns targeted at customers.

C.

Collect as much data as possible for data processing.

D.

Reduce the risk of not meeting legal obligations.

Full Access
Question # 17

Subcontracting treatment is regulated by contract or other regulatory act under Union or Member State law, which links the processor to the controller.

What this contract or other regulatory act stipulates?

A.

A process for testing, assessing and regularly evaluating the effectiveness of technical and organizational measures to ensure safe treatment.

B.

The processor assists the driver through technical and organizational measures to enable it to fulfill its obligation to respond to requests from data subjects.

C.

The description of categories of data subjects and categories of personal data

D.

The purpose of data processing

Full Access
Question # 18

Someone regularly receives offers from a store where he purchased something five years ago. He wants the company to stop sending offers and to wipe his personal data.

Which aspect of the rights of a data subject in the General Data Protection Regulation (GDPR) requires the company to comply?

A.

The right to erasure

B.

The right to rectification

C.

The right to restriction of processing

D.

The right to withdraw consent

Full Access
Question # 19

Racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as the processing of genetic data, biometric data, health data or data relating to a person’s sexual life or sexual orientation.

What does this sentence above refer to?

A.

Available personal data categories.

B.

Rights categories of data subjects.

C.

Categories of purposes for the processing of personal data.

D.

Personal data categories.

Full Access
Question # 20

One of the basic principles of the General Data Protection Regulation (GDPR) is subsidiarity.

What is subsidiarity to GDPR?

A.

Personal data can only be collected for explicit, legitimate and specific purposes and cannot be processed for any other purpose.

B.

Only the personal data needed to achieve a specific purpose should be collected.

C.

The least privacy-violating means should be used when processing personal data.

D.

Personal data must be kept for a period not longer than necessary.

Full Access
Question # 21

According to Article.33 of the GDPR the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority. What is the maximum penalty for non-compliance with this notification obligation?

A.

€ 10.000.000 or 2% of the annual global turnover, whichever is higher

B.

€ 20.000.000 or 4% of the annual global turnover, whichever is higher

C.

Up to € 500.000 with a minimum of € 120.000

D.

Up to € 820.000 with a minimum of € 350.000

Full Access
Question # 22

An architect, leaving a building site, puts his laptop for a moment beside his car on the road, while answering his phone. When driving away he sees in the mirror his laptop being crushed by an enormous lorry driving over it. All his files on the design of the building and the calculations he worked on are lost. His only consolation is that those were the only files on the device.

In terms of the GDPR, what happened?

A.

a data breach

B.

a security incident

C.

a security issue

D.

a vulnerability

Full Access