Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Exin Exam PDPF Topic 8 Question 39 Discussion

Actual exam question for Exin's PDPF exam
Question #: 39
Topic #: 8
[All PDPF Questions]

A controller asks a processor to produce a report containing customers who have purchased a particular product more than once in the past 6 months.

The processor provides services to several companies (which in this case are the controllers).

When generating the requested report, it uses customer data collected by another controller, that is, for a different purpose.

Fortunately, the error is noticed in time, the report is not sent, and nobody has had access to this dat

a. In this case, how does the processor need to proceed and what action should the controller take?

Show Suggested Answer Hide Answer
Suggested Answer: D

Data protection and privacy are complementary, but not the same thing.

A very repeated phrase is: ''It is possible to have security without privacy, but it is not possible to have privacy without security''.

Privacy is a right that must be protected, and Data Protection are the measures that will be used to achieve this protection.


Contribute your Thoughts:

Kristel
1 months ago
I can't believe the processor would even consider generating a report with the wrong data in the first place. What were they thinking?
upvoted 0 times
Shalon
12 days ago
A) The processor notifies the Supervisory Authority that a violation has occurred. The controller will be notified and must perform a Data Protection Impact Assessment (DPIA).
upvoted 0 times
...
...
Shizue
1 months ago
Option D is the way to go. Why bother the authorities if no one has accessed the data? Just delete the report and move on.
upvoted 0 times
Meaghan
9 days ago
Yes, it's important to handle the situation internally first before escalating it to the authorities. Deleting the wrong report and generating a new one is the right step.
upvoted 0 times
...
Howard
12 days ago
I agree, it's better to just correct the mistake internally and move forward. Deleting the incorrect report is the right move.
upvoted 0 times
...
Carlee
18 days ago
Option D is definitely the best course of action. No need to involve the authorities if the data wasn't compromised.
upvoted 0 times
...
...
Julian
2 months ago
This is a tricky one! I'm going to have to go with option B. Better safe than sorry when it comes to data protection.
upvoted 0 times
Rosalia
10 days ago
Absolutely, it's always better to be cautious when it comes to data protection.
upvoted 0 times
...
Charlene
1 months ago
Yes, notifying the controller to assess any risks to the data subjects is definitely the right move.
upvoted 0 times
...
Francoise
1 months ago
I agree, option B seems like the safest choice in this situation.
upvoted 0 times
...
...
Maryanne
2 months ago
I'm not sure about this one. If the error was noticed in time and the report wasn't sent, then maybe option D is the best choice. The processor can just delete the wrong report and generate a new one with the correct data.
upvoted 0 times
...
Yun
2 months ago
Option C seems more appropriate to me. The processor needs to notify the controller, and then the controller should notify the Supervisory Authority of the personal data breach.
upvoted 0 times
The controller should then notify the Supervisory Authority of the personal data breach.
upvoted 0 times
...
Jacquelyne
20 hours ago
The processor needs to notify the controller.
upvoted 0 times
...
Alline
3 days ago
Option C seems more appropriate to me.
upvoted 0 times
...
Hubert
23 days ago
The controller should then notify the Supervisory Authority of the personal data breach.
upvoted 0 times
...
Rana
1 months ago
The processor needs to notify the controller.
upvoted 0 times
...
Margarita
2 months ago
Option C seems more appropriate to me.
upvoted 0 times
...
...
Frederick
2 months ago
I believe the processor should also inform the Supervisory Authority about the violation.
upvoted 0 times
...
Rene
2 months ago
I agree with you, Brianne. The controller needs to assess the risks to the data subjects.
upvoted 0 times
...
Olen
2 months ago
I think option B is the correct answer. The processor should notify the controller, and the controller can then assess whether there were any risks to the data subjects.
upvoted 0 times
Denny
29 days ago
Yes, notifying the controller is crucial to ensure data protection measures are in place.
upvoted 0 times
...
Maile
1 months ago
It's important to handle data breaches carefully.
upvoted 0 times
...
Alexia
2 months ago
The controller can then check for any risks to the data subjects.
upvoted 0 times
...
Lezlie
2 months ago
Option B is a good choice. The processor needs to inform the controller.
upvoted 0 times
...
...
Brianne
3 months ago
I think the processor should notify the controller about the error.
upvoted 0 times
...

Save Cancel