Download EXIN Privacy and Data Protection Foundation.PDPF.BrainDumps.2019-03-01.40q.vcex

Vendor: Exin
Exam Code: PDPF
Exam Name: EXIN Privacy and Data Protection Foundation
Date: Mar 01, 2019
File Size: 26 KB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
What is the essence of the principle ‘Full Lifecycle Protection’?
  1. Delivering the maximum degree of data protection by default, ensuring that personal data are automatically protected in any given IT system or business practice.
  2. Ensuring that whatever business practice or technology is involved, processing is done according to the stated objectives, subject to independent verification.
  3. Embedding security measures to protect the data from the moment it is collected, throughout processing until it is destroyed at the end of the process.
  4. Prioritizing the protection of the interests of the individual by offering for example strong privacy defaults, appropriate notice or empowering user-friendly options.
Correct answer: C
Question 2
A processor is instructed to report on customers who bought a product both last month and at least once in the three months before that. Unfortunately, the processor makes a mistake and uses personal data collected by another controller for a different purpose. 
The mistake is found before the report is created, and nobody has access to personal data he or she should not have had access to.
How should the processor act on this situation and what should the controller do, if anything?
  1. The processor must notify the controller and the controller must notify the Data Protection Authority of a data breach.
  2. The processor must notify the controller of a data breach. The controller must assess the possible risk to the data subjects.
  3. The processor must notify the Data Protection Authority of a data breach. The controller must execute a PIA to assess the risk to data subjects.
  4. The processor must restart processing using the right data. There is no need for the controller to act.
Correct answer: B
Question 3
The Supervisory Authority is notified whenever an organization intends to process personal data, except for some specific situations. The Supervisory Authority keeps a publicly accessible register of these data processing operations. 
What else is a legal obligation of the Supervisory Authority in reaction to such a notification?
  1. To assess compliance with the law in all classes where sensitive personal data is processed
  2. To assess the legitimacy of operations that involve specific risks for the data subjects
  3. To assess the legitimacy of binding contract(s) between the controller and the data processor(s)
  4. To give out a license for the data processing, specifying the types of personal data which are allowed
Correct answer: A
Question 4
In what way are online activities of people most effectively used by modern marketers?
  1. By analyzing the logs of the web server it can be seen which products are top sellers, allowing them to optimize their marketing campaigns for those products.
  2. By tagging users of social media, profiles of their online behavior can be created. These profiles are used to ask them to promote a product.
  3. By tagging visitors of web pages, profiles of their online behavior can be created. These profiles are sold and used in targeted advertisement campaigns.
Correct answer: A
Question 5
A German company wants to enter into a binding contract with a processor in the Netherlands for the processing of sensitive personal data of German data subjects. The Dutch Supervisory Authority is informed of the type of data and the aims of the processing, including the contract describing what data will be processed and what data protection procedures and practices will be in place. 
According to the GDPR, what should the Dutch Supervisory Authority do in this scenario?
  1. Report the data processing to the German Supervisory Authority and leave the supervising to them.
  2. Supervise the processing of personal data in accordance with Dutch Law.
  3. Supervise the processing of personal data in accordance with German Law.
  4. The Dutch Supervisory Authority should check that adequate binding contracts are in place. The German Supervisory Authority should supervise.
Correct answer: D
Question 6
A person finds that a private videotape showing her in a very intimate situation has been published on a website. She never consented to publication and demands that the video be removed without undue delay.
According to the GDPR, what should be done next?
  1. Nothing. The video may be regarded as ‘news’ and, therefore, the website is only exercising its right to freedom of expression and information.
  2. The controller erases the video from the website and, when possible, informs any controller who might process the same video, that it must be erased.
  3. The controller erases the video from the website. There is no obligation however, to inform others who might have copied it, that it should be erased.
Correct answer: B
Question 7
For processing of personal data to be legal, a number of requirements must be fulfilled. 
What is a requirement for lawful personal data processing?
  1. A ‘code of conduct’, describing what the processing exactly entails, must be in place.
  2. The data subject must have given consent before the processing begins.
  3. The processing must be reported to and allowed by the Data Processing Authority
  4. There must be a legitimate ground for the processing of personal data.
Correct answer: D
Question 8
Under what EU legislation is data transfer between the EEA and the U.S.A. allowed?
  1. An adequacy decision based on the Privacy Shield program
  2. An adequacy decision by reason of US domestic legislation
  3. The Transatlantic Trade and Investment Partnership (TTIP)
  4. The U.S.A.’s commitment to join the European Economic Area
Correct answer: A
Explanation:
Reference: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en
Question 9
According to the GDPR, for which situations should a Data Protection Impact Assessment (DPIA) be conducted?
  1. For all projects that include technologies or processes that require data protection
  2. For all sets of similar processing operations with comparable risks
  3. For any situation where technologies and processes will be subject to a risk assessment
  4. For technologies and processes that are likely to result in a high risk to the rights of data subjects
Correct answer: A
Explanation:
Reference: https://eugdprcompliant.com/dpia-guidelines/
Question 10
While paying with a credit card, the card is skimmed (i.e. the data on the magnetic strip is stolen). The magnetic strip contains the account number, expiration date, cardholder’s name and address, PIN number and more. 
What kind of a data breach is this?
  1. Material
  2. Non-material
  3. Verbal
Correct answer: B