Free Preparation Discussions
MENU
Exin Privacy and Data Protection Foundation Exam
- Topic 1: Right to Object and Automated Individual Decision-Making/ Data Protection history in ?birds view?
- Topic 2: Purpose Limitation and Purpose Specification/ Definitions and Historical Context
- Topic 3: Legitimate Grounds and Purpose Limitation/ Right to restriction of processing
- Topic 4: Material and territorial scope of the GDPR/ Lawfulness, Fairness and Transparency
- Topic 5: Regulation versus Directive/ Transparent Information, Communication and Modalities
- Topic 6: Direct, indirect, pseudonymized personal data/ Processing of Personal Data
- Topic 7: Information to be provided to the data subject in any case/ Legitimate Grounds for Processing
- Topic 8: Information on and Access to Personal Data/ Information to be provided to the data subject when transferring personal data
- Topic 9: Right of Access (Inspection) by the Data Subject/ Automated individual decision-making, including profiling
Free Exin Privacy and Data Protection Foundation Exam Actual Questions
The questions for Privacy and Data Protection Foundation were last updated On Nov. 14, 2023
A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal dat
a. Which role in data protection is defined here?
Controller: Correct. The controller determines the purpose and means of the processing. (Literature: A, Chapter 1; GDPR Article 4(7))
Processor: Incorrect. The controller determines the purpose of the processing, the processor works on the controller's instructions.
Supervisory authority: Incorrect. The supervisory authority monitors and enforces compliance with the GDPR requirements.
Third party: Incorrect. A third party has no role in determining the purpose of the processing. Any party that determines the purpose would become a new controller.
Some data processing falls outside of the material scope of the GDPR. What type of processing is not subject to the GDPR?
Collecting name and address information for a gymnastics club. Incorrect. Collecting is also considered processing data.
Creating a back-up of biometric data for data security purposes. Incorrect. Storage is also considered processing data.
Editing personal photographs before printing them at home. Correct. The GDPR is not applicable to home-use of your own photographs. (Literature: A, Chapter 1; GDPR Article 4)
Which of the following has a data breach under the General Data Protection Regulation (GDPR)?
According to the GDPR, when is a data protection impact assessment (DPIA) obligatory?
When a project includes technologies or processes that use personal data. Incorrect. Only for technologies and processes that are likely to result in a high risk to the rights of data subjects is the DPIA mandatory.
When processing is likely to result in a high risk to the rights of data subjects. Correct. For processing operations which are likely to result in a high risk, a DPIA is obligatory to assess those risks and to design mitigation measures. (Literature: A, Chapter 6; GDPR Article 35)
When similar processing operations with comparable risks are repeated. Incorrect. This is a case in which a DPIA does not need to be repeated.
The General Data Protection Regulation (GDPR) is often known as the ''European privacy law''. What is the relationship between 'privacy' and 'data protection'?
Data protection and privacy are complementary, but not the same thing.
A very repeated phrase is: ''It is possible to have security without privacy, but it is not possible to have privacy without security''.
Privacy is a right that must be protected, and Data Protection are the measures that will be used to achieve this protection.
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Submit Cancel