New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Exin PDPF Exam - Topic 8 Question 94 Discussion

Actual exam question for Exin's PDPF exam
Question #: 94
Topic #: 8
[All PDPF Questions]

A controller wants to outsource processing of personal data to a processor. What must be done before outsourcing?

Show Suggested Answer Hide Answer
Suggested Answer: B

The controller must ask the supervisory authority for permission to outsource the processing of the data. Incorrect. The controller does not have to ask the supervisory authority for permission for each instance of outsourcing.

The controller must ask the supervisory authority if the agreed written contract is compliant with the regulations. Incorrect. The supervisory authority is not a legal counsel and will not check contracts for compliance.

The controller and processor must draft and sign a written contract guaranteeing the confidentiality of the data. Correct. There must be a written contract guaranteeing the confidentiality of the data, listing the purposes and means of processing as defined by the controller and specifying that processor will only process on instruction of the controller. Both parties must sign this contract. (Literature: A, Chapter 8; GDPR Article 28 (3))

The processor must show the controller that all demands agreed in the service level agreement (SLA) are met. Incorrect. An SLA is not enough as it will focus on operations, not necessarily on purposes.


by Stephaine at Jan 22, 2026, 10:48 PM

Limited Time Offer

25%

Off

Get Premium PDPF Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Cristen
7 days ago
I remember something about conducting a risk assessment before outsourcing, but I can't recall all the details.
upvoted 0 times
...
Evangelina
13 days ago
I think the controller needs to ensure there's a data processing agreement in place, but I'm not entirely sure what specific clauses should be included.
upvoted 0 times
...
Danica
18 days ago
From what I remember, we have to get the data subject's consent before sharing their personal information with a third-party processor. I'm pretty confident about that.
upvoted 0 times
...
Carey
23 days ago
Wait, what exactly do we need to do before outsourcing? I'm a bit confused on the legal requirements for this.
upvoted 0 times
...
Emerson
28 days ago
Okay, I know there are some key steps we have to take. First, we need to do a risk assessment and make sure the processor has appropriate security measures.
upvoted 0 times
...
Lenna
1 month ago
Hmm, I'm not totally sure about the specifics here. I'll need to review the data protection requirements around outsourcing.
upvoted 0 times
...
Tresa
1 month ago
I think we need to make sure there's a data processing agreement in place before outsourcing any personal data.
upvoted 0 times
...

Save Cancel