Exam Details

  • Exam Code: PDPF
  • Exam Name: Privacy and Data Protection Foundation
  • Certification: EXIN Certifications
  • Vendor: EXIN
  • Total Questions: 149 Q&As
  • Last Updated: Jun 06, 2025

EXIN EXIN Certifications PDPF Questions & Answers

  • Question 111:

    What does the GDPR concept of 'binding corporate rules' (BCR) imply?

    A. A commission decision on the safety of data transfer to a third country

    B. A set of rules used by a group of enterprises concerning personal data protection in international transfers

    C. Measures to compensate for the lack of data protection in a third country

    D. Rules covering data transfers between third countries

  • Question 112:

    The General Data Protection Regulation (GDPR) allows processing of personal data only for purposes explicitly permitted by law. A tax advisor wants to file income tax returns for a neighbor.

    Which of the legitimate grounds in the GDPR applies?

    A. Processing of the personal data is permitted in this case with explicit consent of the data subject.

    B. Processing of the personal data is permitted because this is necessary for compliance with a legal obligation to which the controller is subject.

    C. Processing of personal data is permitted in the course of a purely personal or household activity.

  • Question 113:

    Personal data can be transferred outside of the EEA. According to the GDPR, which transfers outside the EEA are always lawful?

    A. Transfers based on the laws of the non-EEA country concerned

    B. Transfers falling under World Trade Organization rules

    C. Transfers governed by approved binding corporate rules (BCR)

    D. Transfers within a global corporation or organization

  • Question 114:

    What should be done by the EU member states and is not a responsibility of the supervisory authorities?

    A. Impose administrative fines on controllers

    B. Make rules for penalizing other GDPR infringements

    C. Order the controller to notify the data subject about a breach

    D. Receive and process data breach notifications from controllers

  • Question 115:

    What is the definition of privacy related to the General Data Protection Regulation (GDPR)?

    A. A situation in which one is not observed or disturbed by the government or uninvited people.

    B. The right to respect for a person's private and family life, his home and his correspondence.

    C. The fundamental right to respect a person's physical and mental integrity.

    D. The right to be protected against unsolicited intrusion into a computer or network and the processing of personal data by third parties.

  • Question 116:

    What is the most important difference between the 95/46/EC and the GDPR?

    A. 95/46/EC applies as law in all EEA member states while the GDPR is a guidance.

    B. 95/46/EC applies to processing of data on EEA residents worldwide and the GDPR does not.

    C. The GDPR applies as law in all EEA member states while 95/46/EC is a guidance.

    D. The GDPR applies to persons and organizations which process personal data within EEA member states. The scope of 95/46/EC is more restricted in this aspect.

  • Question 117:

    How are the terms privacy and data protection related?

    A. Data protection is the right to privacy.

    B. The terms are synonymous.

    C. Privacy includes the right to the protection of personal data.

  • Question 118:

    According to Article 33 of the GDPR, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.

    What is the maximum penalty for non-compliance with this notification obligation?

    A. 10.000.000 or 2% of the annual global turnover, whichever is higher

    B. 20.000.000 or 4% of the annual global turnover, whichever is higher

    C. Up to 500.000 with a minimum of 120.000

    D. Up to 820.000 with a minimum of 350.000

  • Question 119:

    What does the principle of 'data minimization' mean?

    A. Personal data shall be accurate and where necessary kept up to date.

    B. Personal data shall be adequate and limited to what is necessary for the purposes of the processing.

    C. Personal data shall be processed in a manner that ensures appropriate security of the personal data.

    D. Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.

  • Question 120:

    "The controller shall implement appropriate technical and organizational measures for ensuring that (...) only personal data which are necessary for each specific purpose of the processing are processed."

    Which term in the GDPR is defined here?

    A. Compliance

    B. Data protection by default and by design

    C. Embedded data protection
