Exin Exam PDPF Topic 8 Question 69 Discussion

Actual exam question for Exin's PDPF exam

Question #: 69
Topic #: 8

[All PDPF Questions]

A personal data breach has occurred, and the controller is writing a draft notification for the supervisory authority. The following information is already in the notification:

- The nature of the personal data breach and its possible consequences.

- Information regarding the parties that can provide additional information about the data breach.

What other information must the controller provide?

AInformation of local and national authorities that were informed about the data breach.

BName and contact details of the data subjects whose data may have been breached

CSuggested measures to mitigate the adverse consequences of the data breach.

DThe information needed to access the personal data that have been breached.

Show Suggested Answer

Suggested Answer: A

To advise the controller on the mitigation of privacy risks to protect the controller from liability claims for non-compliance. Incorrect. The supervisory authority has the task to monitor compliance and to advise on enhancements, but its purpose is not to protect the controller.

To fulfill the obligation in the GDPR to implement appropriate technical and organizational measures for data protection. Incorrect. The audit is not the implementation of the measures, but an assessment of the effectiveness of them.

To monitor and enforce the application of the GDPR by assessing that processing is performed in compliance with the GDPR. Correct. According to the GDPR this is an important task of a supervisory authority. (Literature: A, Chapter 7; GDPR Article 57 (1)(a))

by Suzan at Sep 06, 2024, 01:30 PM

Limited Time Offer

25%

Off

Get Premium PDPF Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Kayleigh

25 days ago

Option D - 'The information needed to access the personal data that have been breached.' Ah, the classic 'give the thieves the keys to the vault' approach. Bold move, let's see how it plays out!

upvoted 0 times

Sabine

15 days ago

C) Suggested measures to mitigate the adverse consequences of the data breach.

upvoted 0 times

...

Pearline

18 days ago

B) Name and contact details of the data subjects whose data may have been breached

upvoted 0 times

...

Phyliss

19 days ago

A) Information of local and national authorities that were informed about the data breach.

upvoted 0 times

...

Trinidad

1 months ago

Option A is tempting, but I think the focus should be on addressing the breach, not just informing the authorities. C is the way to go.

upvoted 0 times

...

Rhea

1 months ago

Hah, option B would be a real privacy nightmare! Imagine having to give out all the data subjects' contact details. That's a hard pass.

upvoted 0 times

Deja

21 days ago

C) Suggested measures to mitigate the adverse consequences of the data breach.

upvoted 0 times

...

Vicky

23 days ago

A) Information of local and national authorities that were informed about the data breach.

upvoted 0 times

...

Kenda

1 months ago

I'm not sure about option D. Providing the information needed to access the breached data seems like a bad idea - that could lead to further misuse of the data.

upvoted 0 times

...

Marlon

1 months ago

Option C seems like the right choice here. The controller should provide the supervisory authority with suggestions on how to mitigate the impact of the data breach.

upvoted 0 times

...