New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Exin PDPF Exam - Topic 2 Question 31 Discussion

Actual exam question for Exin's PDPF exam
Question #: 31
Topic #: 2
[All PDPF Questions]

After notifying the supervisory authority, what should be the first action the controller must take when it finds a security breach where unauthorized people have accessed personal data?

Show Suggested Answer Hide Answer
Suggested Answer: D

Data protection and privacy are complementary, but not the same thing.

A very repeated phrase is: ''It is possible to have security without privacy, but it is not possible to have privacy without security''.

Privacy is a right that must be protected, and Data Protection are the measures that will be used to achieve this protection.


by Theola at Sep 16, 2022, 11:15 AM

Limited Time Offer

25%

Off

Get Premium PDPF Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Hyman
4 months ago
Surprised that some think notifying data subjects comes first!
upvoted 0 times
...
Javier
4 months ago
I thought contacting the DPO was the priority?
upvoted 0 times
...
Rickie
4 months ago
Wait, shouldn't we notify affected individuals first?
upvoted 0 times
...
Mable
4 months ago
Totally agree, understanding the breach is key!
upvoted 0 times
...
Lonny
4 months ago
The first step is to analyze if sensitive data was accessed.
upvoted 0 times
...
Louvenia
5 months ago
I thought registering a police report was more of a later step after assessing the breach. I hope I remember the order correctly!
upvoted 0 times
...
Maryann
5 months ago
I feel like contacting the DPO is important, but I can't recall if it's the very first step. Maybe it depends on the situation?
upvoted 0 times
...
Idella
5 months ago
I remember a practice question that emphasized notifying data subjects quickly, but I'm not sure if that comes before analyzing the breach.
upvoted 0 times
...
Sherman
5 months ago
I think the first action should be to analyze whether sensitive data has been accessed. It seems crucial to understand the extent of the breach first.
upvoted 0 times
...
Hester
5 months ago
Okay, a three-column layout with a mini-cart widget in the center column. I'm pretty confident I can figure this out using CSS grid or flexbox.
upvoted 0 times
...
Trevor
5 months ago
I'm leaning towards B - it's a RET of an ILF since the data store is maintained by the application.
upvoted 0 times
...
Marya
5 months ago
This seems straightforward to me. The file is used to configure the connection between the Android app and Firebase services, so option A is the correct answer. I'm confident in this choice.
upvoted 0 times
...
Brynn
10 months ago
Option A sounds like the safe bet. Get the DPO involved early on to make sure everything is handled properly.
upvoted 0 times
...
Dexter
10 months ago
Ha! I bet the controller is freaking out right now. Maybe they should just unplug the whole system and call it a day.
upvoted 0 times
Anisha
9 months ago
D) Notify data subjects that have been subject to a security breach.
upvoted 0 times
...
Bernardine
9 months ago
B) Analyze whether sensitive data has been accessed.
upvoted 0 times
...
Earnestine
10 months ago
A) Contact the DPO for formal notification to the Supervisory Authority.
upvoted 0 times
...
...
Gwenn
10 months ago
Hmm, I'm not sure. Option C about filing a police report seems like a good idea too, just to cover all bases.
upvoted 0 times
Lavina
8 months ago
D) Notify data subjects that have been subject to a security breach.
upvoted 0 times
...
Rochell
8 months ago
I think option C is a good idea, it's better to be safe than sorry.
upvoted 0 times
...
Billye
8 months ago
C) Register a Police Report at the cybercrime station.
upvoted 0 times
...
Isabella
8 months ago
B) Analyze whether sensitive data has been accessed.
upvoted 0 times
...
Hyman
8 months ago
A) Contact the DPO for formal notification to the Supervisory Authority.
upvoted 0 times
...
Ngoc
8 months ago
D) Notify data subjects that have been subject to a security breach.
upvoted 0 times
...
Kina
9 months ago
C) Register a Police Report at the cybercrime station.
upvoted 0 times
...
Gilma
9 months ago
C) Register a Police Report at the cybercrime station.
upvoted 0 times
...
Valentin
9 months ago
B) Analyze whether sensitive data has been accessed.
upvoted 0 times
...
Audry
9 months ago
A) Contact the DPO for formal notification to the Supervisory Authority.
upvoted 0 times
...
Jonell
9 months ago
B) Analyze whether sensitive data has been accessed.
upvoted 0 times
...
Irving
10 months ago
A) Contact the DPO for formal notification to the Supervisory Authority.
upvoted 0 times
...
...
Noel
10 months ago
I disagree, I believe D is the right choice. Notifying the data subjects is crucial to protect them from potential harm.
upvoted 0 times
...
Crista
10 months ago
I think option B is the correct answer. Analyzing the data accessed is the first step to understand the impact of the breach.
upvoted 0 times
Buddy
9 months ago
User 2: That makes sense. It's important to assess the extent of the breach before taking further actions.
upvoted 0 times
...
Chantell
10 months ago
User 1: I think option B is the correct answer. Analyzing the data accessed is the first step to understand the impact of the breach.
upvoted 0 times
...
...
Verlene
11 months ago
I think analyzing whether sensitive data has been accessed is also crucial before taking any further actions.
upvoted 0 times
...
Dustin
11 months ago
I agree with Salena. It's important to notify the authorities first to handle the breach properly.
upvoted 0 times
...
Salena
11 months ago
I think the first action should be to contact the DPO for formal notification to the Supervisory Authority.
upvoted 0 times
...

Save Cancel