1. Home
  2. EXIN
  3. PDPF

Privacy and Data Protection Foundation

Exam Details

  • Exam Code
    :PDPF
  • Exam Name
    :Privacy and Data Protection Foundation
  • Certification
    :EXIN Certifications
  • Vendor
    :EXIN
  • Total Questions
    :149 Q&As
  • Last Updated
    :Jun 06, 2025

EXIN EXIN Certifications PDPF Questions & Answers

  • Question 131:

    When does the GDPR require data subjects consent to a cookie?

    A. Always, because a cookie is regarded as online identifier

    B. Never, as the EU Cookie Law does not require explicit consent

    C. Only if the cookie contains authentication information of the data subject

    D. Only if the cookie contains shopping basket items

  • Question 132:

    According to the GDPR, what is the main reason to consider data protection in the initial design phase?

    A. It ensures efficiency in project phases

    B. It ensures privacy by default

    C. It reduces the risk of fraud

    D. It reduces the risk of liability

  • Question 133:

    A controller discovers that a data subject, who had given consent for the processing of his data, has passed away. What this implies for data processing according to the General Data Protection Regulation (GDPR)?

    A. With the death of the data owner, the controller can continue processing the data, as they are no longer under the GDPR.

    B. The data can only be processed by the controller respecting the consent provided by the holder.

    C. The controller must delete the data of the holder, since with the death of the holder the consent is automatically revoked.

    D. The controller can process the data of a deceased person as long as it anonymizes the data.

  • Question 134:

    Which situation is considered a data breach according to the GDPR?

    A. A processor deletes personal data after his contract with the controller expired.

    B. A processor leaves his computer unattended, where colleagues may be able to access it.

    C. After a disk crash a processor restores personal data from a recent back-up.

    D. After processing a processor deletes personal data on instruction of the controller.

  • Question 135:

    What is the role of the one assigned the responsibility to govern the purposes and means of processing personal data within an organization, according to the GDPR?

    A. Controller

    B. Data Protection Officer

    C. Data Subject

    D. Processor

  • Question 136:

    The GDPR states that records of processing activities must be kept by the controller. To whom must the controller make these records available, if requested?

    A. The data processor

    B. The Data Protection Officer

    C. The European Commission

    D. The supervisory authority

  • Question 137:

    According to the GDPR, what is a mandatory topic in a DPIA report?

    A. Systematic description of the fiduciary duties to ensure compliance to all relevant laws and regulations

    B. An assessment of the necessity and proportionality of the processing operations in relation to the purposes

    C. The documentation of the risks to the rights and freedoms of the data protection officer

    D. The measures envisaged to address the privacy compliance frameworks risks

  • Question 138:

    Important technical requirements set out in the General Data Protection Regulation (GDPR) are about data quality. One is the obligation to ensure appropriate security, including protection against unauthorized or unlawful processing.

    What is another important technical requirement?

    A. To ascertain that personal data collection is adequate, relevant and limited to what is necessary in relation to the purposes

    B. To control that data collected for specified, explicit and legitimate purposes is not further processed for other purposes

    C. To keep personal data accurate and up to date, ensuring that inaccurate data are erased or rectified without delay

    D. To make sure that personal data is processed lawfully, fairly and in transparent manner in relation to the data subject

  • Question 139:

    Someone regularly receives offers from a store where he purchased something five years ago. He wants the company to stop sending offers and to wipe his personal data.

    Which aspect of the rights of a data subject in the General Data Protection Regulation (GDPR) requires the company to comply?

    A. The right to erasure

    B. The right to rectification

    C. The right to restriction of processing

    D. The right to withdraw consent

  • Question 140:

    While paying with a credit card, the card is skimmed (i.e. the data on the magnetic strip is stolen). The magnetic strip contains the account number, expiration date, cardholder's name and address, PIN number and more.

    What kind of a data breach is this?

    A. Material

    B. Non-material

    C. Verbal

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EXIN exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PDPF exam preparations and EXIN certification application, do not hesitate to visit our Vcedump.com to find your solutions here.