PDPF Exam Questions

What is the essence of the principle 'Full Lifecycle Protection'?

A processor is instructed to report on customers who bought a product both last month and at least once in the three months before that. Unfortunately, the processor makes a mistak...

The Supervisory Authority is notified whenever an organization intends to process personal data, except for some specific situations. The Supervisory Authority keeps a publicly acc...

In what way are online activities of people most effectively used by modern marketers?

A German company wants to enter into a binding contract with a processor in the Netherlands for the processing of sensitive personal data of German data subjects. The Dutch Supervi...

A person finds that a private videotape showing her in a very intimate situation has been published on a website. She never consented to publication and demands that the video is b...

For processing of personal data to be legal, a number of requirements must be fulfilled. What is a requirement for lawful personal data processing?

Under what EU legislation is data transfer between the EEA and the U.S.

According to the GDPR, for which situations should a Data Protection Impact Assessment (DPIA) be conducted?

While paying with a credit card, the card is skimmed (i.e. the data on the magnetic strip is stolen). The magnetic strip contains the account number, expiration date, cardholder's...

Someone regularly receives offers from a store where he purchased something five years ago. He wants the company to stop sending offers and to wipe his personal data. Which aspect...

Important technical requirements set out in the General Data Protection Regulation (GDPR) are about data quality. One is the obligation to ensure appropriate security, including pr...

According to the GDPR, what is a mandatory topic in a DPIA report?

What is the role of the one assigned the responsibility to govern the purposes and means of processing personal data within an organization, according to the GDPR?

The GDPR states that records of processing activities must be kept by the controller. To whom must the controller make these records available, if requested?

Which situation is considered a data breach according to the GDPR?

A controller discovers that a data subject, who had given consent for the processing of his data, has passed away. What this implies for data processing according to the General Da...

According to the GDPR, what is the main reason to consider data protection in the initial design phase?

When does the GDPR require data subjects consent to a cookie?

A personal data breach has occurred, and the controller is writing a draft notification for the supervisory authority. The following information is already in the notification: - T...

The General Data Protection Regulation (GDPR) formalizes the data subject's right to data portability. What is the objective of data portability?

Personal data as defined in the GDPR can be divided into several types. One of these types is described: Data that directly or indirectly reveal someone's racial or ethnic backgrou...

The General Data Protection Regulation (GDPR) is based on the principles of proportionality and subsidiarity. What is the meaning of "proportionality" in this context?

What is a responsibility of Supervisory Authorities in EEA countries?

A controller can contract out the processing of personal data to another company, provided a written contract between these partners is in place. Which clause in this contract is a...

What is the purpose of Data Life Cycle Management (DLM)?

An architect, leaving a building site, puts his laptop for a moment beside his car on the road, while answering his phone. When driving away he sees in the mirror his laptop being...

What is considered a personal data processing for the General Data Protection Regulation (GDPR)?

Which cause is a data breach according to the GDPR?

"The controller shall implement appropriate technical and organizational measures for ensuring that (...) only personal data which are necessary for each specific purpose of the pr...

What does the principle of 'data minimization' mean?

According to Article.33 of the GDPR the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data...

How are the terms privacy and data protection related?

What is the definition of privacy related to the General Data protection Regulation (GDPR)?

What is the most important difference between the 95/46/EC and the GDPR?

What should be done by the EU member states and is not a responsibility of the supervisory authorities?

Personal data can be transferred outside of the EE

The General Data Protection Regulation (GDPR) allows processing of personal data only for purposes explicitly permitted by law. A tax advisor wants to file income tax returns for a...

What does the GDPR concept of 'binding corporate rules' (BCR) imply?

A written contract between a controller and a processor is called a data processing agreement. According to the GDPR, what does not have to be covered in the written contract?

The General Data Protection Regulation (GDPR) came into effect on May 25, 2018, what is the legal status of this regulation?

GDPR quotes in one of its principles that personal data should be adequate, relevant and limited to what is necessary in relation to its purpose. What principle is this?

A company is planning to process personal dat

Which organizations need to comply with the General Data Protection Regulation (GDPR)?

In the contract between the controller and processor for the processing of personal data, which of the options below represents the sole responsibility of the Controller?

Which of the parts below can implement data protection by design (from conception)?

After appearing in a photo posted by a friend on a social network, a person felt embarrassed and decided that he wants the photo to be deleted. According to the General Data Protec...

What is the main objective of the "Lifecycle Protection" principle?

Which of the following options describes the concept of data minimization?

Which of the following types of transfers of personal data outside the European Economic Area (EEA) is allowed?