Exin Exam PDPF Topic 1 Question 85 Discussion

Actual exam question for Exin's PDPF exam

Question #: 85
Topic #: 1

[All PDPF Questions]

When is a Data Protection Impact Assessment (DPIA) under the General Data Protection Regulation (GDPR) mandatory?

AApplication of new technologies that may imply a high risk to the rights and freedoms of data subjects.

BThere is no security policy and information security risk analysis.

CIn all types of personal data processing.

Show Suggested Answer

Suggested Answer: A

Whenever a new technology is applied, a DPIA must be performed. In addition, a DPIA must be performed before starting the processing of personal data. This is important to check for risks to data subjects since data collection.

In its Article 35 the GDPR legislates on the Impact assessment on data protection.

1. Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks.

by Jeanice at Jun 15, 2025, 06:21 AM

Limited Time Offer

25%

Off

Get Premium PDPF Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lynda

7 days ago

A seems like the correct answer. DPIA is required when new technologies pose high risks to individuals' rights and freedoms.

upvoted 0 times

...