Which cause is a data breach according to the GDPR?
A. illegally obtained corporate data from a human resources management system
B. Personal data is processed without a binding contract.
C. Personal data is processed by anyone other than the controller, processor or, possibly, subprocessor
D. The operation of a vulnerable server in the internal network of the processor
What is considered a personal data processing for the General Data Protection Regulation (GDPR)?
A. Analysis of data regarding the cause of death in the last 10 years.
B. Creating a backup with records of names, addresses, enrollment of students.
C. Conducting analysis of personal data related to health issues, but which have previously been anonymized.
D. Statistical publication with intention to vote, help anonymously.
An architect, leaving a building site, puts his laptop for a moment beside his car on the road, while answering his phone. When driving away he sees in the mirror his laptop being crushed by an enormous lorry driving over it. All his files on the design of the building and the calculations he worked on are lost. His only consolation is that those were the only files on the device.
In terms of the GDPR, what happened?
A. a data breach
B. a security incident
C. a security issue
D. a vulnerability
What is the purpose of Data Life Cycle Management (DLM)?
A. Ensuring that an adequate level of data protection is in place during some of the stages in the data life cycle.
B. Guaranteeing that personal data is processed in compliance with the GDPR during its lifetime.
C. Managing personal data in a way that guarantees the data is accurate and kept up to date.
What is a responsibility of Supervisory Authorities in EEA countries?
A. Research on security breaches of corporate information
B. Supervision of all data processing operations controlled by a controller in an EEA country
C. Supervision of all data processing operations where the data subjects are residents of an EEA country
A controller can contract out the processing of personal data to another company, provided a written contract between these partners is in place.
Which clause in this contract is a responsibility of the controller?
A. To ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
B. To make available all information necessary to demonstrate compliance with the obligations laid down in the GDPR and allow for and contribute to audits, including inspections.
C. To process the personal data only on documented instructions, including with regard to transfers of personal data to a third country or an international organization.
D. To provide sufficient guarantees for appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR.
The General Data Protection Regulation (GDPR) is based on the principles of proportionality and subsidiarity.
What is the meaning of "proportionality" in this context?
A. Personal data can be processed according to the use of requirements.
B. Personal data cannot be reused without explicit and informed consent.
C. Personal data can only be processed if there are no other means to achieve the purposes.
D. Personal data must be adequate, relevant and not excessive in relation to the purposes.
Personal data as defined in the GDPR can be divided into several types. One of these types is described: Data that directly or indirectly reveal someone's racial or ethnic background, political, philosophical, religious views, union affiliation and data related to health or sex life and sexual orientation. What type of personal data is this?
A. Direct personal data
B. Indirect personal data
C. Pseudonymized data
D. Special category personal data
The General Data Protection Regulation (GDPR) formalizes the data subject's right to data portability.
What is the objective of data portability?
A. The controller has the right to move the data subject's personal data from one organization to another.
B. The data subject has the right to move personal data concerning him or her.
C. The data subject has the right to move his/her personal data when moving to another country.
D. The Supervisory Authority authorizes the movement of personal data.
A personal data breach has occurred, and the controller is writing a draft notification for the supervisory authority. The following information is already in the notification:
-The nature of the personal data breach and its possible consequences.
-Information regarding the parties that can provide additional information about the data breach.
What other information must the controller provide?
A. Information of local and national authorities that were informed about the data breach.
B. Name and contact details of the data subjects whose data may have been breached
C. Suggested measures to mitigate the adverse consequences of the data breach.
D. The information needed to access the personal data that have been breached.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EXIN exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PDPF exam preparations and EXIN certification application, do not hesitate to visit our Vcedump.com to find your solutions here.