New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Exin PDPF Exam - Topic 1 Question 81 Discussion

Actual exam question for Exin's PDPF exam
Question #: 81
Topic #: 1
[All PDPF Questions]

Article 33 of the GDPR deals with ''Notification of a personal data breach to the supervisory authority''.

Paragraph 3 sets out the minimum information that must be included in this notification. Which of the below is one of these?

Show Suggested Answer Hide Answer
Suggested Answer: C

Yes, because the shopkeeper cannot identify the owner of the telephone. Incorrect. The issue is not whether the shopkeeper can identify the visitor, but that it is technically possible to do so.

Yes, because the visitor has automatically consented by connecting to the Wi-Fi. Incorrect. Consent must be an active, informed and free act of agreement to the processing. To see a MAC-address, the visitor does not need to be logged onto the Wi-Fi.

No, because the telephones MAC-address must be regarded as personal data. Correct. The phone's signal is a unique code that can be linked to the owner of the phone. The data must be regarded as personal data, because it is technically possible to identify the visitor. (Literature: A, Chapter 3; GDPR Article 26 and 30)

No, because the telephone providers are the owners of the MAC-addresses. Incorrect. The shopkeeper is not allowed to keep the data or process it because it must be regarded as personal data. The telephone provider is not the owner of the MAC-address, nor is the telephone provider protected by the GDPR.


by William at Mar 09, 2025, 01:36 AM

Limited Time Offer

25%

Off

Get Premium PDPF Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Dorethea
3 months ago
I thought they had to notify all data subjects too, huh?
upvoted 0 times
...
Clement
4 months ago
C sounds too extreme, they can't just share personal data like that!
upvoted 0 times
...
Elenore
4 months ago
Wait, is B really not required? That seems odd.
upvoted 0 times
...
Marquetta
4 months ago
I agree, A makes the most sense here.
upvoted 0 times
...
Shelia
4 months ago
A is definitely one of the required details!
upvoted 0 times
...
Kiera
4 months ago
I remember focusing on the importance of having a contact point for follow-up questions. It makes sense that it would be part of the minimum information required.
upvoted 0 times
...
Layla
5 months ago
I vaguely recall a practice question mentioning that a copy of the breached data isn't required in the notification. It seems like that would complicate things too much.
upvoted 0 times
...
Caprice
5 months ago
I'm not entirely sure, but I feel like we discussed that they don't need to provide all data subjects' contact info in the notification.
upvoted 0 times
...
Davida
5 months ago
I think I remember that the notification should include a contact point, like the DPO's info. That seems to fit with what we studied about transparency.
upvoted 0 times
...
Carolann
5 months ago
Okay, let me think this through step-by-step. The question is asking about the minimum information required in the notification, and A seems to fit that description best. I'll go with A unless I spot something I'm missing.
upvoted 0 times
...
Lisandra
5 months ago
The key is to focus on the specific requirements mentioned in paragraph 3 of Article 33. I'm pretty confident A is the correct answer, but I'll double-check just to be sure.
upvoted 0 times
...
Vivan
5 months ago
Hmm, I'm a bit unsure about this one. I'll need to re-read the question and options carefully to make sure I understand what's being asked.
upvoted 0 times
...
Kenny
5 months ago
This seems straightforward, I think the answer is A based on the information provided in the question.
upvoted 0 times
...
Willodean
10 months ago
Wait, we're supposed to analyze the breached data? I thought we were just supposed to report it. This exam is getting more complicated by the minute!
upvoted 0 times
...
Susana
10 months ago
Ah, the good old GDPR exam questions. Keeping us on our toes, as always. I wonder if they'll ask about the fines next...
upvoted 0 times
Francoise
9 months ago
C) A copy of the breached personal data to be analyzed.
upvoted 0 times
...
Marg
9 months ago
B) Contact information for all data subjects.
upvoted 0 times
...
Xuan
9 months ago
A) The contact of the data protection officer or another point of contact where more information could be obtained.
upvoted 0 times
...
...
Bulah
11 months ago
C? Really? Sending a copy of the breached data? That's a terrible idea and a clear GDPR violation!
upvoted 0 times
Lawrence
10 months ago
C) A copy of the breached personal data to be analyzed.
upvoted 0 times
...
Shantay
10 months ago
B) Contact information for all data subjects.
upvoted 0 times
...
Desirae
10 months ago
A) The contact of the data protection officer or another point of contact where more information could be obtained.
upvoted 0 times
...
...
Anissa
11 months ago
I was sure B was the answer. Providing all the affected data subjects' contact details seems like the responsible thing to do.
upvoted 0 times
Georgiana
9 months ago
I was also leaning towards B, but it looks like the correct answer is actually A.
upvoted 0 times
...
Carmen
9 months ago
C) A copy of the breached personal data to be analyzed.
upvoted 0 times
...
Jenifer
9 months ago
B) Contact information for all data subjects.
upvoted 0 times
...
Layla
9 months ago
A) The contact of the data protection officer or another point of contact where more information could be obtained.
upvoted 0 times
...
...
Jeannetta
11 months ago
A is the correct answer! The GDPR requires the notification to include the contact details of the data protection officer or another point of contact for more information.
upvoted 0 times
Iluminada
10 months ago
A is the correct answer! The GDPR requires the notification to include the contact details of the data protection officer or another point of contact for more information.
upvoted 0 times
...
Ligia
10 months ago
A) The contact of the data protection officer or another point of contact where more information could be obtained.
upvoted 0 times
...
...
Albina
11 months ago
I'm not sure, but I think it's important to have a clear point of contact for data protection issues.
upvoted 0 times
...
Ryann
11 months ago
I agree with Diane, because it makes sense to have a designated contact for handling data breaches.
upvoted 0 times
...
Diane
11 months ago
I think the answer is A) The contact of the data protection officer or another point of contact where more information could be obtained.
upvoted 0 times
...

Save Cancel