Download EXIN Privacy and Data Protection Foundation.PDPF.TestKing.2019-10-23.24q.vcex

Vendor: Exin
Exam Code: PDPF
Exam Name: EXIN Privacy and Data Protection Foundation
Date: Oct 23, 2019
File Size: 18 KB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
A German company wants to enter into a binding contract with a processor in the Netherlands for the processing of sensitive personal data of German data subjects. The Dutch Supervisory Authority is informed of the type of data and the aims of the processing, including the contract describing what data will be processed and what data protection procedures and practices will be in place. 
According to the GDPR, what should the Dutch Supervisory Authority do in this scenario?
  1. Report the data processing to the German Supervisory Authority and leave the supervising to them.
  2. Supervise the processing of personal data in accordance with Dutch Law.
  3. Supervise the processing of personal data in accordance with German Law.
  4. The Dutch Supervisory Authority should check that adequate binding contracts are in place. The German Supervisory Authority should supervise.
Correct answer: D
Question 2
For processing of personal data to be legal, a number of requirements must be fulfilled. 
What is a requirement for lawful personal data processing?
  1. A ‘code of conduct’, describing what the processing exactly entails, must be in place.
  2. The data subject must have given consent, prior to the processing to begin.
  3. The processing must be reported to and allowed by the Data Processing Authority
  4. There must be a legitimate ground for the processing of personal data.
Correct answer: D
Question 3
Important technical requirements set out in the General Data Protection Regulation (GDPR) are about data quality. One is the obligation to ensure appropriate security, including protection against unauthorized or unlawful processing. 
What is another important technical requirement?
  1. To ascertain that personal data collection is adequate, relevant and limited to what is necessary in relation to the purposes
  2. To control that data collected for specified, explicit and legitimate purposes is not further processed for other purposes
  3. To keep personal data accurate and up to date, ensuring that inaccurate data are erased or rectified without delay
  4. To make sure that personal data is processed lawfully, fairly and in transparent manner in relation to the data subject
Correct answer: A
Explanation:
Reference: http://www.privacy-regulation.eu/en/article-5-principles-relating-to-processing-of-personal-data-GDPR.htm
Reference: http://www.privacy-regulation.eu/en/article-5-principles-relating-to-processing-of-personal-data-GDPR.htm
Question 4
According to the GDPR, what is a mandatory topic in a DPIA report?
  1. Systematic description of the fiduciary duties to ensure compliance to all relevant laws and regulations
  2. An assessment of the necessity and proportionality of the processing operations in relation to the purposes
  3. The documentation of the risks to the rights and freedoms of the data protection officer
  4. The measures envisaged to address the privacy compliance frameworks risks
Correct answer: B
Question 5
What is the role of the one assigned the responsibility to govern the purposes and means of processing personal data within an organization, according to the GDPR?
  1. Controller
  2. Data Protection Officer
  3. Data Subject
  4. Processor
Correct answer: A
Explanation:
Reference: https://www.i-scoop.eu/gdpr/data-controller-data-controller-duties/
Reference: https://www.i-scoop.eu/gdpr/data-controller-data-controller-duties/
Question 6
The GDPR states that records of processing activities must be kept by the controller. To whom must the controller make these records available, if requested?
  1. The data processor
  2. The Data Protection Officer
  3. The European Commission
  4. The supervisory authority
Correct answer: D
Explanation:
Reference: https://www.whitecase.com/publications/article/chapter-10-obligations-controllers-unlocking-eu-general-data-protection
Reference: https://www.whitecase.com/publications/article/chapter-10-obligations-controllers-unlocking-eu-general-data-protection
Question 7
Which situation is considered a data breach according to the GDPR?
  1. A processor deletes personal data after his contract with the controller expired.
  2. A processor leaves his computer unattended, where colleagues may be able to access it.
  3. After a disk crash a processor restores personal data from a recent back-up.
  4. After processing a processor deletes personal data on instruction of the controller.
Correct answer: B
Question 8
A controller is processing personal data based on consent of the data subjects. There are no other legitimate grounds. While processing, the controller discovers that a data subject whose consent for the processing had been received, has died since. 
What, according to the GDPR, will be the consequences for the controller with regard to the processing?
  1. The controller can proceed with the processing as intended.
  2. The controller can proceed, but only for the purposes for which consent has been given.
  3. The controller must act as if the data subject has withdrawn consent and erase his/her data.
  4. The controller needs to find the heir in order to require consent for the processing.
Correct answer: A
Explanation:
Reference: https://spectrum.ieee.org/telecom/internet/your-guide-to-the-gdpr
Reference: https://spectrum.ieee.org/telecom/internet/your-guide-to-the-gdpr
Question 9
A personal data breach has occurred and the controller is writing a draft notification for the Supervisory Authority. The document describes the nature of the breach and its possible consequences. It also contains information on the parties that can provide additional information on the data breach to the Supervisory Authority. 
What other information should the controller add?
  1. Information of local and national authorities that have been informed about the data breach.
  2. Name and contact details of the data subjects whose data may be breached.
  3. Suggested measures to mitigate the adverse consequences of the data breach.
  4. The information needed to access the personal data that has been breached.
Correct answer: C
Question 10
The General Data Protection Regulation (GDPR) formalizes the data subject’s right to data portability. 
What is the objective of data portability?
  1. The controller has the right to move the data subject’s personal data from one organization to another.
  2. The data subject has the right to move personal data concerning him or her.
  3. The data subject has the right to move his/her personal data when moving to another country.
  4. The Supervisory Authority authorizes the movement of personal data.
Correct answer: B
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!