Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Exin PDPF Exam - Topic 7 Question 83 Discussion

Actual exam question for Exin's PDPF exam
Question #: 83
Topic #: 7
[All PDPF Questions]

A secretary at a pediatric cardiology clinic instead of sending the doctor the list of patients scheduled for the day, sends it to all those responsible registered for the children with scheduled appointments.

According to the GDPR, does the Supervisory Authority need to be notified? And those responsible for the data holders?

Show Suggested Answer Hide Answer
Suggested Answer: B

This is an issue that addresses two very important points -- sensitive data and data from minors.

As these are, it is necessary to inform the Supervisory Authority and those responsible for the data subjects. Article 34 mentions:

1. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.

Recital 38 says:

Children merit specific protection regarding their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. Such specific protection should, in particular, apply to the use of personal data of children for the purposes of marketing or creating personality or user profiles and the collection of personal data with regard to children when using services offered directly to a child. The consent of the holder of parental responsibility should not be necessary in the context of preventive or counselling services offered directly to a child.


by Melodie at Apr 04, 2025, 09:46 PM

Limited Time Offer

25%

Off

Get Premium PDPF Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Kaitlyn
3 months ago
This is a serious breach! How can they not notify everyone involved?
upvoted 0 times
...
Bulah
3 months ago
I think A is a bit misleading. All parties should be aware.
upvoted 0 times
...
Diane
3 months ago
The Supervisory Authority definitely needs to be notified!
upvoted 0 times
...
Nickolas
3 months ago
I agree, B seems right. Everyone should be informed.
upvoted 0 times
...
Leota
4 months ago
Wait, why wouldn't the Supervisory Authority need to know? That seems off.
upvoted 0 times
...
Elina
4 months ago
I feel like if the people who received the data are also responsible, then maybe we don’t need to notify them. But I’m not completely sure about that.
upvoted 0 times
...
Julene
4 months ago
I'm leaning towards option C, but I’m a bit confused. I thought any exposure of personal data required notification to the authority, right?
upvoted 0 times
...
Harris
4 months ago
I remember a practice question where we had to notify both the authority and the data subjects. I feel like this situation might be similar, but I can't recall the exact details.
upvoted 0 times
...
Winifred
4 months ago
I think we definitely need to notify the Supervisory Authority because a data breach occurred, but I'm not sure about notifying the data holders.
upvoted 0 times
...
Markus
5 months ago
This is a tricky one. I'm not entirely sure if the Supervisory Authority needs to be notified, but I know the data subjects need to be informed. I'll double-check the GDPR details to make the right call.
upvoted 0 times
...
Markus
5 months ago
I'm feeling pretty confident about this one. The GDPR is clear on the notification requirements for data breaches, and this scenario seems to fit the criteria.
upvoted 0 times
...
Erick
5 months ago
Okay, I think I've got this. The key is determining whether this qualifies as a data breach that requires notification to the Supervisory Authority and the data subjects. I'll walk through the specifics step-by-step.
upvoted 0 times
...
Luis
5 months ago
Hmm, I'm a bit confused on the notification requirements here. I'll need to review the GDPR guidelines carefully to determine the right approach.
upvoted 0 times
...
Macy
5 months ago
This seems like a straightforward GDPR question, but I want to make sure I understand the details before answering.
upvoted 0 times
...
Laurene
11 months ago
I agree with Honey, it's important to notify both parties to ensure transparency and accountability.
upvoted 0 times
...
Honey
11 months ago
I disagree, I believe both the Supervisory Authority and those responsible for the data subjects should be notified.
upvoted 0 times
...
Joesph
11 months ago
Ah, the good ol' data breach dilemma. I'm going with B, but if I get it wrong, at least I'll have a great story to tell at the next GDPR party!
upvoted 0 times
Belen
9 months ago
Definitely, it's important to take data protection seriously.
upvoted 0 times
...
Mattie
9 months ago
Yeah, it's always better to follow the proper procedures in these situations.
upvoted 0 times
...
Brittni
10 months ago
I agree, it's better to be safe than sorry when it comes to data breaches.
upvoted 0 times
...
Chantell
10 months ago
I think B is the correct option. It's important to notify both the Supervisory Authority and the responsible parties.
upvoted 0 times
...
...
Lorrie
11 months ago
I think the Supervisory Authority must be notified, but not those responsible for the data subjects.
upvoted 0 times
...
Walton
11 months ago
Hmm, I don't know about this one. Kinda feels like a trick question, you know? I'm gonna go with D, just to be different.
upvoted 0 times
Vincenza
10 months ago
I agree with you, B seems like the most appropriate option in this situation.
upvoted 0 times
...
Carma
10 months ago
I think it's B, because the responsible holders should be notified since their data was exposed.
upvoted 0 times
...
...
Salena
11 months ago
C'mon, people! This is basic GDPR stuff. Definitely B, no question about it. The Supervisory Authority needs to be notified, no exceptions.
upvoted 0 times
...
Rebbecca
11 months ago
Wow, this is a tough one! I think the answer is B, but I'm not 100% sure. Better safe than sorry, right?
upvoted 0 times
Royal
9 months ago
Ezekiel: Definitely, it's always better to err on the side of caution when it comes to data protection.
upvoted 0 times
...
Layla
9 months ago
User 3: I'm not sure, but I think notifying both parties is the best course of action.
upvoted 0 times
...
Ezekiel
10 months ago
User 2: I agree, it's better to be safe and notify everyone involved.
upvoted 0 times
...
Shawna
10 months ago
User 1: I think the answer is B too. It's important to notify both the Supervisory Authority and those responsible for the data holders.
upvoted 0 times
...
Hollis
10 months ago
Della: Definitely, it's always better to err on the side of caution when it comes to data protection.
upvoted 0 times
...
Isidra
10 months ago
User 3: I'm not sure, but I think notifying both parties is the best course of action.
upvoted 0 times
...
Della
10 months ago
User 2: I agree, it's better to be safe and notify everyone involved.
upvoted 0 times
...
Danica
10 months ago
User 1: I think the answer is B too. It's important to notify both the Supervisory Authority and those responsible for the data holders.
upvoted 0 times
...
...

Save Cancel