PDPF Practice Exam Questions and Answers

A.  

Data protection officer (DPO)

B.  

Supervisory authority

C.  

Processor

D.  

Controller

A.  

Send the notification with the date of the violation changed, to remain within 72 hours.

B.  

After 72 hours there is no longer any need to send notification of personal data breach.

C.  

Do not notify and seek ways to hide the violation so that the Supervisory Authority or the titleholders are made aware

D.  

Send the notification, even after 72 hours, accompanied by the reasons for the delay

A.  

By applying the concept of least privilege to the personal data collected, stored or otherwise processed.

B.  

By limiting access rights to staff who need the personal data for the intended processing operations

C.  

By limiting the personal data to what is adequate, relevant and necessary for the processing purposes

D.  

By limiting file sizes, through saving all personal data that is processed in the smallest possible format

A.  

For all projects that include technologies or processes that require data protection

B.  

For all sets of similar processing operations with comparable risks

C.  

For any situation where technologies and processes will be subject to a risk assessment

D.  

For technologies and processes that are likely to result in a high risk to the rights of data subjects

A.  

The owner does not have this right, since he bought a product in the store, he has the right to send emails with new promotions.

B.  

The store has 30 days from the date of receipt of the customer’s request to delete all data at no cost to the customer.

C.  

The store must delete customer data from its advertising list. Purchase data cannot be deleted, as financial data has to be kept longer.

A.  

The contractor code of business ethics and conduct that is used.

B.  

Which data are covered by the data processing agreement

C.  

The information security and personal data breach procedures

D.  

The technical and organizational measures implemented

A.  

illegally obtained corporate data from a human resources management system

B.  

Personal data is processed without a binding contract.

C.  

Personal data is processed by anyone other than the controller, processor or, possibly, subprocessor

D.  

The operation of a vulnerable server in the internal network of the processor

A.  

Regulation for transfer of personal data between EEA and USA/

B.  

Privacy Shield

C.  

General Data Protection Law (GDPL)

D.  

General Data Protection Regulation (GDPR)

A.  

Only organizations that have employees in the European Union (EU).

B.  

Only organizations that have their headquarters in the European Union (EU).

C.  

All organizations anywhere in the world.

D.  

All organizations located in the European Union and also organizations outside the European Union that offer goods or services to data subjects in the EU.

A.  

The right not to have your life monitored by technologies.

B.  

Have freedom of expression.

C.  

The right to respect for private and family life, for home and communications.

D.  

The right to have your personal data protected.