Exin PDPF Exam - Topic 5 Question 96 Discussion

Actual exam question for Exin's PDPF exam

Question #: 96
Topic #: 5

[All PDPF Questions]

When is a Data Protection Impact Assessment (DPIA) under the General Data Protection Regulation (GDPR) mandatory?

AApplication of new technologies that may imply a high risk to the rights and freedoms of data subjects.

BThere is no security policy and information security risk analysis.

CIn all types of personal data processing.

Show Suggested Answer

Suggested Answer: A

Whenever a new technology is applied, a DPIA must be performed. In addition, a DPIA must be performed before starting the processing of personal data. This is important to check for risks to data subjects since data collection.

In its Article 35 the GDPR legislates on the Impact assessment on data protection.

1. Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks.

by Mabelle at Apr 03, 2026, 09:07 AM

Limited Time Offer

25%

Off

Get Premium PDPF Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Adaline

16 days ago

I thought a DPIA was only required if there was a significant risk, but I'm confused about the other options. Could B be relevant if there's no security policy?

upvoted 0 times

...

Alica

21 days ago

I practiced a question similar to this, and I believe that option A aligns with the GDPR requirements for a DPIA.

upvoted 0 times

...

Sherell

27 days ago

I'm not entirely sure, but I think a DPIA isn't needed for all types of personal data processing. It seems more specific than that.

upvoted 0 times

...

Alpha

1 month ago

I remember that a DPIA is mandatory when new technologies are involved, especially if they pose a high risk to data subjects. So, I think A is correct.

upvoted 0 times

...