Curious about Actual Exin EXIN Privacy & Data Protection Foundation (PDPF) Exam Questions?
Here are sample Exin Privacy and Data Protection Foundation (PDPF) Exam questions from real exam. You can get more Exin EXIN Privacy & Data Protection Foundation (PDPF) Exam premium practice questions at TestInsights.
What is the legal status of the GDPR?
Correct : A
The GDPR is functional law in all member states of the EEA. Some Articles allow for member states law to provide for more specific rules. Correct. The GDPR is European law but the Regulation does not exclude Member state law that sets out the circumstances for specific processing situations. (Literature: A, Chapter 1; GDPR Recital 10)
The GDPR is a recommendation of the European Commission that EEA countries' law authorities improve their laws on the protection of personal data. Incorrect. An EU recommendation is not binding. The GDPR is a functional European law in all member states.
The GDPR sets out minimum conditions and requirements. Member states need to pass national laws to meet these minimum requirements. Incorrect. This is the description of an EU Directive.
Start a Discussions
On July 12, 2016 the European Commission implemented a ruling regarding the transfer of personal data between the EEA and the US. The ruling is based on the data protection measures described in the EU-US Privacy Shield. What kind of a ruling is this?
Correct : D
Adequacy decision. Correct. The ruling is an adequacy decision regarding processing in third countries. (Literature: A, Chapter 7; GDPR Article 45 and Recitals (104) and (106)
Derogation. Incorrect. A derogation is for specific situations where a transfer is necessary, but there is no ruling permitting it. (Literature: GDPR Article 49(1)(q))
Legally binding contract. Incorrect. The ruling is an adequacy decision. A legally binding contract is between a processor and a controller.
Treaty superseding the GDPR. Incorrect. The ruling is an adequacy decision. It does not supersede the GDPR.
Start a Discussions
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Which data processing principle is described here?
Correct : B
Accuracy. Incorrect. Accuracy is the principle that personal data shall be accurate and kept up to date.
Data minimization. Correct. Data minimization means that personal data shall be adequate, relevant and limited to what is necessary. (Literature: A, Chapter 2; GDPR Article 5(1))
Fairness and transparency. Incorrect. Fairness and transparency mean that personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
Purpose limitation. Incorrect. Purpose limitation means that personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with GDPR Article 89(1), not be considered to be incompatible with the initial purposes.
Start a Discussions
According to the GDPR, when is a data protection impact assessment (DPIA) obligatory?
Correct : B
When a project includes technologies or processes that use personal data. Incorrect. Only for technologies and processes that are likely to result in a high risk to the rights of data subjects is the DPIA mandatory.
When processing is likely to result in a high risk to the rights of data subjects. Correct. For processing operations which are likely to result in a high risk, a DPIA is obligatory to assess those risks and to design mitigation measures. (Literature: A, Chapter 6; GDPR Article 35)
When similar processing operations with comparable risks are repeated. Incorrect. This is a case in which a DPIA does not need to be repeated.
Start a Discussions
The General Data Protection Regulation (GDPR) is often known as the ''European privacy law''. What is the relationship between 'privacy' and 'data protection'?
Correct : D
Data protection and privacy are complementary, but not the same thing.
A very repeated phrase is: ''It is possible to have security without privacy, but it is not possible to have privacy without security''.
Privacy is a right that must be protected, and Data Protection are the measures that will be used to achieve this protection.
Start a Discussions
Total 149 questions