Download EXIN Privacy and Data Protection Foundation.PDPF.ExamLabs.2020-04-15.21q.vcex

Vendor: Exin
Exam Code: PDPF
Exam Name: EXIN Privacy and Data Protection Foundation
Date: Apr 15, 2020
File Size: 18 KB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
The Supervisory Authority is notified whenever an organization intends to process personal data, except for some specific situations. The Supervisory Authority keeps a publicly accessible register of these data processing operations. 
What else is a legal obligation of the Supervisory Authority in reaction to such a notification?
  1. To assess compliance with the law in all classes where sensitive personal data is processed
  2. To assess the legitimacy of operations that involve specific risks for the data subjects
  3. To assess the legitimacy of binding contract(s) between the controller and the data processor(s)
  4. To give out a license for the data processing, specifying the types of personal data which are allowed
Correct answer: A
Question 2
A German company wants to enter into a binding contract with a processor in the Netherlands for the processing of sensitive personal data of German data subjects. The Dutch Supervisory Authority is informed of the type of data and the aims of the processing, including the contract describing what data will be processed and what data protection procedures and practices will be in place. 
According to the GDPR, what should the Dutch Supervisory Authority do in this scenario?
  1. Report the data processing to the German Supervisory Authority and leave the supervising to them.
  2. Supervise the processing of personal data in accordance with Dutch Law.
  3. Supervise the processing of personal data in accordance with German Law.
  4. The Dutch Supervisory Authority should check that adequate binding contracts are in place. The German Supervisory Authority should supervise.
Correct answer: D
Question 3
For processing of personal data to be legal, a number of requirements must be fulfilled. 
What is a requirement for lawful personal data processing?
  1. A ‘code of conduct’, describing what the processing exactly entails, must be in place.
  2. The data subject must have given consent, prior to the processing to begin.
  3. The processing must be reported to and allowed by the Data Processing Authority
  4. There must be a legitimate ground for the processing of personal data.
Correct answer: D
Question 4
Someone regularly receives offers from a store where he purchased something five years ago. He wants the company to stop sending offers and to wipe his personal data. 
Which aspect of the rights of a data subject in the General Data Protection Regulation (GDPR) requires the company to comply?
  1. The right to erasure
  2. The right to rectification
  3. The right to restriction of processing
  4. The right to withdraw consent
Correct answer: D
Question 5
Important technical requirements set out in the General Data Protection Regulation (GDPR) are about data quality. One is the obligation to ensure appropriate security, including protection against unauthorized or unlawful processing. 
What is another important technical requirement?
  1. To ascertain that personal data collection is adequate, relevant and limited to what is necessary in relation to the purposes
  2. To control that data collected for specified, explicit and legitimate purposes is not further processed for other purposes
  3. To keep personal data accurate and up to date, ensuring that inaccurate data are erased or rectified without delay
  4. To make sure that personal data is processed lawfully, fairly and in transparent manner in relation to the data subject
Correct answer: A
Question 6
What is the role of the one assigned the responsibility to govern the purposes and means of processing personal data within an organization, according to the GDPR?
  1. Controller
  2. Data Protection Officer
  3. Data Subject
  4. Processor
Correct answer: A
Question 7
The GDPR states that records of processing activities must be kept by the controller. To whom must the controller make these records available, if requested?
  1. The data processor
  2. The Data Protection Officer
  3. The European Commission
  4. The supervisory authority
Correct answer: D
Question 8
A controller is processing personal data based on consent of the data subjects. There are no other legitimate grounds. While processing, the controller discovers that a data subject whose consent for the processing had been received, has died since. 
What, according to the GDPR, will be the consequences for the controller with regard to the processing?
  1. The controller can proceed with the processing as intended.
  2. The controller can proceed, but only for the purposes for which consent has been given.
  3. The controller must act as if the data subject has withdrawn consent and erase his/her data.
  4. The controller needs to find the heir in order to require consent for the processing.
Correct answer: A
Question 9
According to the GDPR, what is the main reason to consider data protection in the initial design phase?
  1. It ensures efficiency in project phases
  2. It ensures privacy by default
  3. It reduces the risk of fraud
  4. It reduces the risk of liability
Correct answer: B
Question 10
When does the GDPR require data subjects consent to a cookie?
  1. Always, because a cookie is regarded as online identifier
  2. Never, as the EU Cookie Law does not require explicit consent
  3. Only if the cookie contains authentication information of the data subject
  4. Only if the cookie contains shopping basket items
Correct answer: A

Use VCE Exam Simulator to open VCE files


Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!