Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25

- Free Preparation Discussions

Exin PDPF Exam - Topic 5 Question 96 Discussion

Actual exam question for Exin's PDPF exam

Question #: 96
Topic #: 5

[All PDPF Questions]

When is a Data Protection Impact Assessment (DPIA) under the General Data Protection Regulation (GDPR) mandatory?

AApplication of new technologies that may imply a high risk to the rights and freedoms of data subjects.

BThere is no security policy and information security risk analysis.

CIn all types of personal data processing.

Show Suggested Answer

Suggested Answer: A

Whenever a new technology is applied, a DPIA must be performed. In addition, a DPIA must be performed before starting the processing of personal data. This is important to check for risks to data subjects since data collection.

In its Article 35 the GDPR legislates on the Impact assessment on data protection.

1. Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks.

by Mabelle at Apr 03, 2026, 09:07 AM

Limited Time Offer

25%

Off

Get Premium PDPF Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Stephen

1 month ago

Totally agree, option A is spot on!

upvoted 0 times

...

Alesia

1 month ago

A DPIA is mandatory when new tech poses high risks to data subjects.

upvoted 0 times

...

Adaline

2 months ago

I thought a DPIA was only required if there was a significant risk, but I'm confused about the other options. Could B be relevant if there's no security policy?

upvoted 0 times

...

Alica

2 months ago

I practiced a question similar to this, and I believe that option A aligns with the GDPR requirements for a DPIA.

upvoted 0 times

...

Sherell

2 months ago

I'm not entirely sure, but I think a DPIA isn't needed for all types of personal data processing. It seems more specific than that.

upvoted 0 times

...

Alpha

3 months ago

I remember that a DPIA is mandatory when new technologies are involved, especially if they pose a high risk to data subjects. So, I think A is correct.

upvoted 0 times

...