Home
PECB
GDPR Exam Info
GDPR Exam Questions

Curious about Actual PECB Certified Data Protection Officer Exam Questions?

Here are sample PECB Certified Data Protection Officer (GDPR) Exam questions from real exam. You can get more PECB GDPR Certification (GDPR) Exam premium practice questions at TestInsights.

Page: 1 /
Total 80 questions

Want more questions? Get Premium Access.

Question 1

Questio n:

A patient gave consent for the use of their laboratory tests to defend a clinical laboratory against a lawsuit. As a result, the court required the collection and processing of the patient's health data, and such information was revealed in court.

Is this compliant with GDPR's lawfulness of processing requirements?

AYes, because the data subject has consented to the processing of health data, and GDPR allows the processing of special categories of data where it is necessary for the establishment, exercise, or defense of legal claims.

BYes, but only if the processing of special categories of personal data is controlled by a public health institution, and the data subject has consented to the processing of this type of data.

CNo, although the data subject has consented to the processing of health data, GDPR does not allow the disclosure of special categories of personal data by health institutions.

DNo, because personal data used in legal proceedings must be anonymized before being disclosed.

Correct : A

Under Article 9(2)(f) of GDPR, the processing of special categories of data (e.g., health data) is permitted without consent if it is necessary for the establishment, exercise, or defense of legal claims.

Option A is correct because GDPR allows processing of special category data for legal claims, even without explicit consent.

Option B is incorrect because processing for legal claims is not restricted to public health institutions.

Option C is incorrect because GDPR explicitly allows such processing for legal claims.

Option D is incorrect because anonymization is not required when data is processed under Article 9(2)(f).

GDPR Article 9(2)(f) (Processing of special categories of data for legal claims)

Recital 52 (Legal grounds for processing sensitive data in court cases)

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

BYes, but only if the processing of special categories of personal data is controlled by a public health institution, and the data subject has consented to the processing of this type of data.

CNo, although the data subject has consented to the processing of health data, GDPR does not allow the disclosure of special categories of personal data by health institutions.

DNo, because personal data used in legal proceedings must be anonymized before being disclosed.

0 / 1500

Question 2

Questio n:

You work in a company that provides training services. One of the clients requests access to information about the categories of recipients to whom their personal data will be disclosed.

What actions should you take to be compliant with GDPR?

AObtain authorization from the recipients before disclosing their identities.

BVerify the identity of the client by sending login data to their mailing address.

CInform the client that access to this type of information is not allowed, since it may result in a high risk to the rights and freedoms of recipients.

DProvide the client with the requested information about the recipients of their data.

Correct : D

Under Article 15(1)(c) of GDPR, data subjects have the right to access information about the recipients or categories of recipients who have received their personal data.

Option D is correct because GDPR mandates transparency regarding data sharing.

Option A is incorrect because authorization from recipients is not required before disclosing their categories.

Option B is incorrect because identity verification applies to access requests but is not a prerequisite for providing recipient information.

Option C is incorrect because denying access to this information violates the data subject's right under GDPR.

GDPR Article 15(1)(c) (Right of access to recipient categories)

Recital 63 (Transparency in processing and access rights)

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AObtain authorization from the recipients before disclosing their identities.

BVerify the identity of the client by sending login data to their mailing address.

CInform the client that access to this type of information is not allowed, since it may result in a high risk to the rights and freedoms of recipients.

DProvide the client with the requested information about the recipients of their data.

0 / 1500

Question 3

Questio n:

Which of the following options is the DPO's responsibility when processing personal data related to criminal convictions is carried out by an official authority?

ADetermining the location where sensitive data may be processed.

BAssessing the necessity of knowing a data subject's identity.

CEnsuring compliance with any legal requirements of Member States.

DApproving all security measures for processing this data.

Correct : C

Under Article 39(1)(b) of GDPR, the DPO monitors compliance with GDPR and other applicable laws, including Member State laws on criminal conviction data.

Option C is correct because DPOs must ensure processing aligns with national legal requirements.

Option A is incorrect because determining processing locations is a technical decision, not a DPO responsibility.

Option B is incorrect because DPOs do not assess the necessity of identity disclosure.

Option D is incorrect because approving security measures is the responsibility of controllers and processors, not the DPO.

GDPR Article 39(1)(b) (DPO's role in ensuring legal compliance)

Recital 97 (DPO responsibilities in public and private sectors)

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ADetermining the location where sensitive data may be processed.

BAssessing the necessity of knowing a data subject's identity.

CEnsuring compliance with any legal requirements of Member States.

DApproving all security measures for processing this data.

0 / 1500

Question 4

Scenario:

BookSt is an online bookshop that collects personal data before selling its products. Sarah signed up for an account, providing her name, email, and password. To purchase a book, Sarah was required to provide her shipping address and payment information, which is needed to calculate shipping costs and complete the transaction.

Questio n:

Does the company have a legal basis for processing Sarah's data?

ANo, the processing is not legally justified if it is only for sales purposes.

BYes, the processing is necessary for the performance of a contract to which the data subject is a party.

CNo, the processing is legally justified only if it is necessary to protect the vital interests of the data subject.

DYes, but only if Sarah provides explicit consent for her data to be processed.

Correct : B

GDPR Article 6(1)(b) (Processing necessary for contract performance)

Recital 44 (Contractual necessity as a legal basis)

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ANo, the processing is not legally justified if it is only for sales purposes.

BYes, the processing is necessary for the performance of a contract to which the data subject is a party.

CNo, the processing is legally justified only if it is necessary to protect the vital interests of the data subject.

DYes, but only if Sarah provides explicit consent for her data to be processed.

0 / 1500

Question 5

Questio n:

To evaluate the effectiveness of communication, the DPO of Company ABC reviewed the accuracy and relevance of the information provided to customers regarding personal data processing.

Is this a good practice under GDPR?

AYes, when evaluating the effectiveness of communication, the DPO should consider the accuracy and relevance of the information provided to concerned parties.

BNo, the effectiveness of communication cannot be evaluated through the evaluation of the accuracy and relevance of information provided to customers.

CNo, the DPO is not responsible for evaluating the effectiveness of communication with customers.

DYes, but only if the company's supervisory authority requests it.

Correct : A

Under Article 39(1)(a) of GDPR, the DPO is responsible for monitoring GDPR compliance, including ensuring transparency in communication with data subjects. This includes verifying that information about data processing is accurate and relevant.

Option A is correct because GDPR mandates that data subjects receive clear and accurate information about their personal data processing.

Option B is incorrect because accuracy and relevance are key indicators of effective communication under GDPR.

Option C is incorrect because evaluating data protection communication is part of the DPO's compliance role.

Option D is incorrect because supervisory authority approval is not required for the DPO to conduct such evaluations.

GDPR Article 39(1)(a) (DPO's role in monitoring compliance)

GDPR Article 12(1) (Obligation for transparent and clear communication)

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AYes, when evaluating the effectiveness of communication, the DPO should consider the accuracy and relevance of the information provided to concerned parties.

BNo, the effectiveness of communication cannot be evaluated through the evaluation of the accuracy and relevance of information provided to customers.

CNo, the DPO is not responsible for evaluating the effectiveness of communication with customers.

DYes, but only if the company's supervisory authority requests it.

0 / 1500

Page: 1 / 16
Total 80 questions

Unlock Full
GDPR Exam Features

In Just $49 You can Access

All Official Question Types
Interactive Web-Based Practice Test Software
No Installation or 3rd Party Software Required
Customize your practice sessions (Free Demo)
24/7 Customer Support

Get Full Access Now

Marked Questions
GDPR Exam

GDPR Exam Question 1
GDPR Exam Question 2
GDPR Exam Question 3
GDPR Exam Question 4
GDPR Exam Question 5

Download PDF File Demo

Try Web-Based Exam Practice Software Demo

Commenting

In order to participate in the comments you need to be logged-in.
You can sign-up or login