Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Exin PDPF Exam - Topic 8 Question 94 Discussion

Actual exam question for Exin's PDPF exam
Question #: 94
Topic #: 8
[All PDPF Questions]

A controller wants to outsource processing of personal data to a processor. What must be done before outsourcing?

Show Suggested Answer Hide Answer
Suggested Answer: B

The controller must ask the supervisory authority for permission to outsource the processing of the data. Incorrect. The controller does not have to ask the supervisory authority for permission for each instance of outsourcing.

The controller must ask the supervisory authority if the agreed written contract is compliant with the regulations. Incorrect. The supervisory authority is not a legal counsel and will not check contracts for compliance.

The controller and processor must draft and sign a written contract guaranteeing the confidentiality of the data. Correct. There must be a written contract guaranteeing the confidentiality of the data, listing the purposes and means of processing as defined by the controller and specifying that processor will only process on instruction of the controller. Both parties must sign this contract. (Literature: A, Chapter 8; GDPR Article 28 (3))

The processor must show the controller that all demands agreed in the service level agreement (SLA) are met. Incorrect. An SLA is not enough as it will focus on operations, not necessarily on purposes.


by Stephaine at Jan 22, 2026, 10:48 PM

Limited Time Offer

25%

Off

Get Premium PDPF Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Myra
3 days ago
Outsourcing personal data? I'd rather not, it's like handing over the keys to the kingdom.
upvoted 0 times
...
Lisha
8 days ago
Outsourcing personal data? Better call in the data protection officer, they'll know what's up.
upvoted 0 times
...
Nettie
13 days ago
Gotta make sure the processor is GDPR-compliant, otherwise it's a recipe for disaster!
upvoted 0 times
...
Toi
18 days ago
Definitely need to have a data processing agreement in place before outsourcing any personal data.
upvoted 0 times
...
Doyle
24 days ago
The controller must ensure that the processor provides sufficient guarantees to implement appropriate technical and organizational measures.
upvoted 0 times
...
Lauran
29 days ago
I feel like there’s a requirement to check if the processor complies with relevant data protection laws, but I’m not confident on the exact steps involved.
upvoted 0 times
...
Noble
1 month ago
There was a practice question about this! I believe the controller must verify that the processor provides sufficient guarantees regarding data security.
upvoted 0 times
...
Cristen
2 months ago
I remember something about conducting a risk assessment before outsourcing, but I can't recall all the details.
upvoted 0 times
...
Evangelina
2 months ago
I think the controller needs to ensure there's a data processing agreement in place, but I'm not entirely sure what specific clauses should be included.
upvoted 0 times
...
Danica
2 months ago
From what I remember, we have to get the data subject's consent before sharing their personal information with a third-party processor. I'm pretty confident about that.
upvoted 0 times
...
Carey
2 months ago
Wait, what exactly do we need to do before outsourcing? I'm a bit confused on the legal requirements for this.
upvoted 0 times
...
Emerson
3 months ago
Okay, I know there are some key steps we have to take. First, we need to do a risk assessment and make sure the processor has appropriate security measures.
upvoted 0 times
...
Lenna
3 months ago
Hmm, I'm not totally sure about the specifics here. I'll need to review the data protection requirements around outsourcing.
upvoted 0 times
...
Tresa
3 months ago
I think we need to make sure there's a data processing agreement in place before outsourcing any personal data.
upvoted 0 times
...

Save Cancel