PDPF Exam Questions

Which of the options below best represents data protection by design?

What is the main purpose of cookies?

The Traffic Department of a city wants to know how many cars travel daily in order to plan the number of spaces needed to implement a rotating parking system. To do this, cameras w...

We know that when browsing the internet there is a lot of personal data that is collected. One mechanism for collecting this data is cookies. How do marketers use this collected pe...

What is the main reason for performing data protection by design (from conception)?

Subcontracting treatment is regulated by contract or other regulatory act under Union or Member State law, which links the processor to the controller. What this contract or other...

Who should ask for an opinion after conducting an impact assessment on the protection of personal data (DPIA)?

A controller wants to switch processors. What is necessary to review before making this change, so that it remains GDPR compliant?

A person buys a product at a store located in the European Economic Area (EEA). At the time of purchase, you are asked to fill out a registration form and he informs his personal e...

What is the definition of Supervisory Authority according to the GDPR?

Who is responsible for demonstrating the compliance of personal data processing with the General Data Protection Regulation (GDPR)?

To comply with the General Data Protection Regulation (GDPR) it is necessary to create a procedure for reporting data breaches to the Supervisory Authority. As the controller is a...

A person who works for a union took home a draft newsletter to finish it. The thumb drive containing the draft and contact list has been lost. To whom, among others, this data brea...

According to the General Data Protection Regulation (GDPR), which category of personal data is considered to be sensitive data?

What is the term used in the General Data Protection Regulation (GDPR) for the disclosure of, or unauthorized access to, personal data?

When is a Data Protection Impact Assessment (DPIA) under the General Data Protection Regulation (GDPR) mandatory?

According to the GDPR, in what situation must data subjects always be notified of a personal data breach?

A person is moving from city A to city B, within an EEA member state. In city A he was a patient of the local hospital

A controller wants to outsource processing of personal data to a processor. What must be done before outsourcing?

What is the legal status of the GDPR?

data between the EEA and the US. The ruling is based on the data protection measures described in the EU-US Privacy Shield. What kind of a ruling is this?

What is the main use of a persistent cookie?

In the GDPR, some types of personal data are regarded as special category personal dat

To plan the amount of parking space needed, a local government monitors and saves the license plate number of every car that enters and leaves the city center. They have obtained p...

binding contract with a processor in the Netherlands for the processing of personal data of data subjects with various nationalities. A personal data breach occurs. The supervisory...

According to the GDPR, what is a task of a supervisory authority?

One of the seven principles of data protection by design is Functionality - Positive-Sum, not Zero- Sum. What is the essence of this principle?

What is the purpose of a data protection audit by the supervisory authority?

A company wishes to use personal data of their customers. They wish to start sending all female customers a customized newsletter. What right do all data subjects have in this scen...

The GDPR refers to the principles of proportionality and subsidiarity. What is the meaning of subsidiarity in this context?

A shopkeeper wants to register how many visitors enter his shop every day. A system detects the MAC- address of each visitor's smartphone. It is impossible for the shopkeeper to id...

Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Which data processing principle is described he...

According to the GDPR, when is a data protection impact assessment (DPIA) obligatory?

Organizations are obliged to keep a number of records to demonstrate compliance with the GDPR. Which record is not obligatory according to the GDPR?

The GDPR does not define privacy as a term but uses the concept implicitly throughout the text. What is a correct definition of privacy as implicitly used throughout the GDPR?

Which data subject right is explicitly defined by the GDPR?

One of the objectives of a data protection impact assessment (DPIA) is to strengthen the confidence of customers or citizens in the way personal data is processed and privacy is re...

What is a description of data protection by design and by default?

What is the relationship between data protection and privacy?

A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal dat

The GDPR describes the principle of data minimization. How can organizations comply with this principle?

Some data processing falls outside of the material scope of the GDPR. What type of processing is not subject to the GDPR?

Which of the following has a data breach under the General Data Protection Regulation (GDPR)?

Your credit card has been cloned. A card contains various personal information. What category of data breach is this incident?

The General Data Protection Regulation (GDPR) is often known as the "European privacy law". What is the relationship between 'privacy' and 'data protection'?