Exin PDPF Exam - Topic 1 Question 75 Discussion

Actual exam question for Exin's PDPF exam

Question #: 75
Topic #: 1

[All PDPF Questions]

According to the GDPR, what is a description of binding corporate rules (BCR)?

AA decision on the safety of transferring personal data to a non-EEA country

BA set of approved rules on personal data protection used by a group of enterprises

CA measure to compensate for the lack of personal data protection in a third country

DA set of agreements covering personal data transfers between non-EEA countries

Show Suggested Answer

Suggested Answer: C

Controller: Correct. The controller determines the purpose and means of the processing. (Literature: A, Chapter 1; GDPR Article 4(7))

Processor: Incorrect. The controller determines the purpose of the processing, the processor works on the controller's instructions.

Supervisory authority: Incorrect. The supervisory authority monitors and enforces compliance with the GDPR requirements.

Third party: Incorrect. A third party has no role in determining the purpose of the processing. Any party that determines the purpose would become a new controller.

by Carey at Oct 21, 2024, 11:12 PM

Limited Time Offer

25%

Off

Get Premium PDPF Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Haydee

3 months ago

I thought BCRs were just for EU companies, but they apply globally, right?

upvoted 0 times

...

Marion

3 months ago

Option A is misleading, it’s definitely about internal rules, not just safety decisions.

upvoted 0 times

...

Isidra

3 months ago

Wait, are BCRs really that important? I thought they were just guidelines.

upvoted 0 times

...

Maxima

4 months ago

Totally agree, it's option B for sure!

upvoted 0 times

...

Marica

4 months ago

BCRs are all about approved rules for data protection in companies.

upvoted 0 times

...

Reid

4 months ago

I’m leaning towards B as the correct answer since it mentions approved rules, which aligns with what I studied about BCRs.

upvoted 0 times

...

Gracia

4 months ago

I feel like option A might be related to BCR, but it sounds more like a decision rather than a set of rules.

upvoted 0 times

...

Aja

4 months ago

I remember practicing a question about data transfers, and I think BCR is about ensuring compliance when moving data outside the EEA.

upvoted 0 times

...

Meghan

5 months ago

I think BCR refers to a set of rules for companies to follow, but I'm not entirely sure if it's specifically for groups of enterprises.

upvoted 0 times

...

Reta

5 months ago

This is a tough one. The GDPR has a lot of complex regulations, and I'm not 100% sure I understand the specifics of binding corporate rules. I'll have to make an educated guess on this.

upvoted 0 times

...

Wynell

5 months ago

Okay, I remember learning about binding corporate rules in class. I believe they are a set of approved rules used by a group of enterprises to transfer personal data, so I'll go with option B.

upvoted 0 times

...

Marta

5 months ago

Hmm, I'm a bit unsure about this one. The GDPR is tricky and I'm not totally familiar with the details on binding corporate rules. I'll have to think this through carefully.

upvoted 0 times

...

Julio

5 months ago

I think the key here is to focus on the GDPR and what it says about binding corporate rules. Option B seems to be the best description based on that.

upvoted 0 times

...

Elden

9 months ago

Option B is the way to go. BCR is the GDPR's way of saying, 'You can't just throw your data around like confetti, you need some serious corporate policies in place!'

upvoted 0 times

Kimbery

8 months ago

It's important to have a solid framework like BCR in place to protect personal data in today's digital world.

upvoted 0 times

...

Howard

8 months ago

BCR is like a security blanket for personal data, making sure it's handled properly across different enterprises.

upvoted 0 times

...

Alida

9 months ago

Exactly, binding corporate rules are essential for ensuring data privacy within a group of companies.

upvoted 0 times

...

Thersa

9 months ago

I agree, option B is the correct answer. It's all about having approved rules for data protection.

upvoted 0 times

...

Gayla

10 months ago

Haha, Option D is like a set of 'personal data transfer agreements' for countries that don't really care about privacy. Nice try, but not what the GDPR is all about!

upvoted 0 times

Sommer

9 months ago

User 3: Yeah, it's not about personal data transfer agreements between non-EEA countries.

upvoted 0 times

...

Altha

9 months ago

Melissa: So, B) it is then. Thanks for clarifying!

upvoted 0 times

...

Tess

9 months ago

User 2: I agree, binding corporate rules are a set of approved rules on personal data protection used by a group of enterprises.

upvoted 0 times

...

Tambra

9 months ago

User 3: I agree, B) makes more sense in the context of GDPR.

upvoted 0 times

...

Cassie

9 months ago

User 1: I think Option B is the correct answer.

upvoted 0 times

...

Melissa

10 months ago

User 2: Yeah, that sounds right. Option D doesn't really fit the description of binding corporate rules.

upvoted 0 times

...

Benedict

10 months ago

User 1: I think it's B) A set of approved rules on personal data protection used by a group of enterprises.

upvoted 0 times

...

Jerry

10 months ago

I agree with Geraldine, Option B is the correct answer. BCR is a crucial mechanism for ensuring personal data protection within a multinational organization.

upvoted 0 times

...

Geraldine

10 months ago

Option B seems the most comprehensive description of binding corporate rules. It covers the key aspects of BCR being a set of approved rules used by a group of enterprises.

upvoted 0 times