Exin Exam PDPF Topic 5 Question 60 Discussion

Actual exam question for Exin's PDPF exam

Question #: 60
Topic #: 5

[All PDPF Questions]

While performing a backup, a data server disk crashed. Both the data and the backup are lost. The disk contained personal data, but no special category personal dat

a. The processor states that this is a personal data breach. Is the statement of the processor true?

AYes, because there were no special category personal data stored on the disk.

BNo, because no personal data on the disk were processed, only destroyed

CYes, because the personal data on the disk were unlawfully processed.

DNo, because this is only a security incident and not a data breach

Show Suggested Answer

Suggested Answer: A

To advise the controller on the mitigation of privacy risks to protect the controller from liability claims for non-compliance. Incorrect. The supervisory authority has the task to monitor compliance and to advise on enhancements, but its purpose is not to protect the controller.

To fulfill the obligation in the GDPR to implement appropriate technical and organizational measures for data protection. Incorrect. The audit is not the implementation of the measures, but an assessment of the effectiveness of them.

To monitor and enforce the application of the GDPR by assessing that processing is performed in compliance with the GDPR. Correct. According to the GDPR this is an important task of a supervisory authority. (Literature: A, Chapter 7; GDPR Article 57 (1)(a))

by Glennis at May 07, 2024, 10:20 AM

Limited Time Offer

25%

Off

Get Premium PDPF Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Rasheeda

3 months ago

Option D is clearly the best choice here. It's just a security incident, not a full-blown data breach. The processor is making a mountain out of a molehill.

upvoted 0 times

Zachary

2 months ago

User 3: Yeah, the processor is overreacting by calling it a personal data breach.

upvoted 0 times

...

Sharee

2 months ago

User 2: I agree, there was no personal data processed, only destroyed.

upvoted 0 times

...

Onita

2 months ago

User 1: I think option D is the correct choice. It's just a security incident.

upvoted 0 times

...

Joana

3 months ago

Haha, I bet the processor is just trying to cover their own behind. 'No special category data? No problem!' What a loophole!

upvoted 0 times

Marvel

2 months ago

C) Yes, because the personal data on the disk were unlawfully processed.

upvoted 0 times

...

Delmy

2 months ago

B) No, because no personal data on the disk were processed, only destroyed

upvoted 0 times

...

Malinda

3 months ago

A) Yes, because there were no special category personal data stored on the disk.

upvoted 0 times

...

Kati

3 months ago

I disagree. Option C is the way to go. The personal data were processed, even if it was unlawfully. That's a data breach according to the processor's statement.

upvoted 0 times

...

Jesusa

4 months ago

Hmm, I'm not so sure. Option B makes sense to me. Since the data were only destroyed and not processed, it may not qualify as a data breach.

upvoted 0 times

Darrin

2 months ago

Jacquelyne: That makes sense. So, it's more of a security incident than a data breach.

upvoted 0 times

...

Jacquelyne

2 months ago

User 3: I agree with Lucy. Since the data was not processed, it may not be considered a data breach.

upvoted 0 times

...

Lucy

2 months ago

User 2: But doesn't the fact that personal data was lost make it a data breach?

upvoted 0 times

...

Valentin

3 months ago

User 2: Yeah, I agree. It may not qualify as a data breach if no personal data were processed.

upvoted 0 times

...

Meghann

3 months ago

User 1: I think Option B is correct. The data were only destroyed, not processed.

upvoted 0 times

...

Ashley

3 months ago

User 1: I think option B is correct. The data was only destroyed, not processed.

upvoted 0 times

...

Kenneth

4 months ago

True, but any personal data being lost can still be considered a breach.

upvoted 0 times

...

Arlene

4 months ago

I think the correct answer is A. The processor is right because the data on the disk were personal data, even if they weren't special category. A data breach has occurred.

upvoted 0 times

...

Felicia

4 months ago

But there were no special category personal data, so maybe it's not a breach.

upvoted 0 times

...

Kenneth

4 months ago

I think the processor is right. It's a personal data breach.

upvoted 0 times

...