
PDPF Privacy and Data Protection Foundation Questions and Answers

Questions 4

What is the definition of privacy related to the General Data Protection Regulation (GDPR)?

Options:

A.

A situation in which one is not observed or disturbed by the government or uninvited people.

B.

The right to respect for a person’s private and family life, his home and his correspondence.

C.

The fundamental right to respect a person’s physical and mental integrity.

D.

The right to be protected against unsolicited intrusion into a computer or network and the processing of personal data by third parties.

Questions 5

The Supervisory Authority is notified whenever an organization intends to process personal data, except for some specific situations. The Supervisory Authority keeps a publicly accessible register of these data processing operations.

What else is a legal obligation of the Supervisory Authority in reaction to such a notification?

Options:

A.

To assess compliance with the law in all classes where sensitive personal data is processed

B.

To assess the legitimacy of operations that involve specific risks for the data subjects

C.

To assess the legitimacy of binding contract(s) between the controller and the data processor(s)

D.

To give out a license for the data processing, specifying the types of personal data which are allowed

Questions 6

A shopkeeper wants to register how many visitors enter his shop every day. A system detects the MAC-address of each visitor’s smartphone. It is impossible for the shopkeeper to identify the owner of the phone from this signal, but telephone providers can link the MAC-address to the owner of the phone. According to the GDPR, is the shopkeeper allowed to use this method?

Options:

A.

Yes, because the shopkeeper cannot identify the owner of the telephone

B.

No, because the telephone providers are the owners of the MAC-addresses.

C.

No, because the telephone’s MAC-address must be regarded as personal data.

D.

Yes, because the visitor has automatically consented by connecting to the Wi-Fi

Questions 7

What is the purpose of Data Lifecycle Management (DLM)?

Options:

A.

Ensure data integrity and its periodic update

B.

Ensure data confidentiality and availability throughout its useful life.

C.

Ensure that the processing of personal data, throughout its useful life, complies with the GDPR

D.

Ensure data confidentiality throughout its useful life, from collection to deletion.

Questions 8

What does the principle of ‘data minimization’ mean?

Options:

A.

Personal data shall be accurate and where necessary kept up to date.

B.

Personal data shall be adequate and limited to what is necessary for the purposes of the processing.

C.

Personal data shall be processed in a manner that ensures appropriate security of the personal data.

D.

Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.

Questions 9

What is a description of data protection by design and by default?

Options:

A.

Not holding more data than is strictly required for processing

B.

An indication of timeframes if processing relates to erasure

C.

Data may only be collected for explicit and legitimate purposes

D.

An approach that implements data protection from the start (Correct)

Questions 10

How are the terms privacy and data protection related?

Options:

A.

Data protection is the right to privacy.

B.

The terms are synonymous.

C.

Privacy includes the right to the protection of personal data.

Questions 11

According to the GDPR, what is the main reason to consider data protection in the initial design phase?

Options:

A.

It ensures efficiency in project phases

B.

It ensures privacy by default

C.

It reduces the risk of fraud

D.

It reduces the risk of liability

Questions 12

After notifying the supervisory authority, what should be the first action the controller must take when it finds a security breach where unauthorized people have accessed personal data?

Options:

A.

Contact the DPO for formal notification to the Supervisory Authority.

B.

Analyze whether sensitive data has been accessed.

C.

Register a Police Report at the cybercrime station.

D.

Notify data subjects that have been subject to a security breach.

Questions 13

What is the legal status of the GDPR?

Options:

A.

The GDPR is functional law in all member states of the EEA. Some Articles allow for member states law to provide for more specific rules.

B.

The GDPR sets out minimum conditions and requirements. Member states need to pass national laws to meet these minimum requirements.

C.

The GDPR is a recommendation of the European Commission that EEA countries’ law authorities improve their laws on the protection of personal data.

Questions 14

Which of the following conflicts with the principle of limiting the purposes?

Options:

A.

The data is sold to another company without the consent of the data subject.

B.

Adapt the data to the purpose of the treatment.

C.

Store the data in a way that allows the identification of the data subjects.

D.

Data is used in an obscure manner to the data subject.

Questions 15

One of the objectives of a data protection impact assessment (DPIA) is to strengthen the confidence of customers or citizens in the way personal data is processed and privacy is respected. How can a DPIA strengthen the confidence?

Options:

A.

The organization proves that it takes privacy seriously and aims for compliance with the GDPR.

B.

The organization minimizes the risk of costly adjustments in processes or the redesign of systems in a later stage.

C.

The organization prevents non-compliance with the GDPR and minimizes the risk of fines

Questions 16

Which of the parts below can implement data protection by design (from conception)?

Options:

A.

The data subject.

B.

The Data Protection Officer (DPO).

C.

The processor.

D.

The supervisory authority.

Questions 17

An Independent Supervisory Authority has several responsibilities. Which of the following is one of these?

Options:

A.

Supervise the application of the General Data Protection Regulation (GDPR).

B.

Assist in the elaboration and adaptation of the specific data protection laws of each country.

C.

Conduct a Data Protection Impact Assessment (DPIA).

D.

Assist in the planning of a Personal Data Protection Management System when requested by the Controller.

Questions 18

What is the definition of Processor according to GDPR?

Options:

A.

Individual or legal entity that is not authorized to process personal data

B.

An independent public authority created by a Member State

C.

Individual or legal entity that processes personal data on behalf of the person responsible for processing personal data.

D.

Individual or legal entity that, individually or in conjunction with others, determines the purposes and means of processing personal data.

Questions 19

The General Data Protection Regulation (GDPR) formalizes the data subject’s right to data portability.

What is the objective of data portability?

Options:

A.

The controller has the right to move the data subject’s personal data from one organization to another.

B.

The data subject has the right to move personal data concerning him or her.

C.

The data subject has the right to move his/her personal data when moving to another country.

D.

The Supervisory Authority authorizes the movement of personal data.

Questions 20

A person finds that a private videotape showing her in a very intimate situation has been published on a website. She never consented to publication and demands that the video be removed without undue delay.

According to the GDPR, what should be done next?

Options:

A.

Nothing. The video may be regarded as ‘news’ and, therefore, the website is only exercising its right to freedom of expression and information.

B.

The controller erases the video from the website and, when possible, informs any controller who might process the same video, that it must be erased.

C.

The controller erases the video from the website. There is no obligation however, to inform others who might have copied it, that it should be erased.

D.

The controller directs the person to seek a lawyer and informs that he cannot exclude before a juridical authorization.

Questions 21

When is a Data Protection Impact Assessment (DPIA) under the General Data Protection Regulation (GDPR) mandatory?

Options:

A.

Application of new technologies that may imply a high risk to the rights and freedoms of data subjects.

B.

There is no security policy and information security risk analysis.

C.

In all types of personal data processing.

Questions 22

For processing of personal data to be legal, a number of requirements must be fulfilled.

What is a requirement for lawful personal data processing?

Options:

A.

A ‘code of conduct’, describing what the processing exactly entails, must be in place.

B.

The data subject must have given consent before the processing begins.

C.

The processing must be reported to and allowed by the Data Processing Authority

D.

There must be a legitimate ground for the processing of personal data.

Exam Code: PDPF
Exam Name: Privacy and Data Protection Foundation
Last Update: Dec 25, 2024
Questions: 149