PDPF Exam Questions

Which of these options is an example of a data breach?

Data protection and privacy are closely related terms. Which of these options best represent this relationship?

After notifying the supervisory authority, what should be the first action the controller must take when it finds a security breach where unauthorized people have accessed personal...

Which of the following conflicts with the principle of limiting the purposes?

What year did the General Data Protection Regulation (GDPR) come into force?

How does a Supervisory Authority collaborate to the application of GDPR?

Which of the alternatives describes one of the Supervisory Authority's responsibilities?

How does GDPR regulate this specific case? A woman uses the services of a gym in the city where she lives. Yet she will move to another town. So, she requests the current gym to tr...

A company CEO travels to a meeting in another city. He takes a notebook with information about the company's new projects and acquisitions, which will be the subject of discussion...

When a data breach occurs in a company that has branches in several countries of the European Union, which supervisory authority is competent to take the appropriate measures?

The Control Authority may impose fines on organizations that are not meeting the mandatory requirements of the General Data Protection Regulation (GDPR).

A person buys a product at a store located in the European Economic Area (EEA). At the time of purchase, you are asked to fill out a registration form and he informs his personal e...

Which of the following options is provided for in the GDPR and can be made by Member States?

The GDPR contains several items. Which of these contains mandatory requirements?

What is the main purpose of the General Data Protection Regulation (GDPR)?

A company's director's notebook is accidentally wet, which permanently damages the equipment so that it cannot recover its data. The lost data concerned the financial reports of th...

Which condition below allows personal data to be processed legally?

When personal data are processed, who is ultimately responsible for demonstrating compliance with the GDPR?

The word privacy is never mentioned in the General Data Protection Regulation (GDPR) text. Despite this, what would be the best definition of the privacy according to the Regulatio...

One of the basic principles of the General Data Protection Regulation (GDPR) is subsidiarity. What is subsidiarity to GDPR?

The controller responsible for the UK Child Sexual Abuse Investigation body reported a data breach to the supervisory authority in the UK on 28 February 2019. People who had regist...

In its Article 9 the GDPR categorizes some types of personal data as "sensitive". Of these below which are considered sensitive?

A secretary at a pediatric cardiology clinic instead of sending the doctor the list of patients scheduled for the day, sends it to all those responsible registered for the children...

A breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwis...

In the European Union we have: Directives and Regulations. What is the difference between them?

A good practice is to lock the computer automatically or manually when you are away from the workstation. The company's DPO realizes that this procedure is not being followed by em...

Which option below defines correctly data protection by design (from conception)?

According to the GDPR, what is a description of binding corporate rules (BCR)?

We know that when a personal data breach occurs, the data controller (Controller) must notify the Supervisory Authority within 72 hours, without justified delay. However, should th...

Which of the options below is classified as a personal data breach under the GDPR?

What is called the adequacy decision that allows data transfer between the United States and the European Economic Area (EEA)?

Racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as the processing of genetic data, biometric data, health data or data...

While performing a backup, a data server disk crashed. Both the data and the backup are lost. The disk contained personal data, but no special category personal dat

What is the definition of Controller according to GDPR?

A gentleman has a loan denied by the bank's system that he has been a customer for many years. He is disgusted, because the loan would make it possible to hold the wedding of his o...

How should data protection between the processor and controller be regulated in accordance with the General Data Protection Regulation (GDPR)?

How is Data Lifecycle Management (DLM) related to data protection?

According to the principle of purpose limitation, data should not be processed beyond the legitimate purpose defined. However, further processing is allowed in a few specific cases...

What is the definition of Processor according to GDPR?

What is the main difference between Directive 95/46 / EC and the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) in its Article 30 legislates on the Records of treatment activities. If requested, the controller must provide these records:

Regarding the Supervisory Authority's "Investigative Powers", it is correct to state:

According to the General Data Protection Regulation (GDPR) which covers the concept "Compulsory Corporate Rules"?

Article 33 of the GDPR deals with "Notification of a personal data breach to the supervisory authority". Paragraph 3 sets out the minimum information that must be included in this...

A controller asks a processor to produce a report containing customers who have purchased a particular product more than once in the past 6 months. The processor provides services...

What is the purpose of Data Lifecycle Management (DLM)?

offense under European law. What kind of offense is this?

The General Data Protection Regulation (GDPR) is related to the protection of personal dat

Regarding the Portability Law for data subjects, which option is correct?

A company located in France wishes to enter into a compulsory contract with a processor located in Portugal. This contract aims to process sensitive French personal dat