PECB GDPR Exam - Topic 2 Question 14 Discussion

Actual exam question for PECB's GDPR exam

Question #: 14
Topic #: 2

[All GDPR Questions]

Questio n:

Under GDPR, the controller must demonstrate that data subjects have consented to the processing of their personal data, and the consent must be freely given.

What is the role of the DPO in ensuring compliance with this requirement?

AThe DPO should ensure that the controller has informed data subjects about their right to withdraw consent.

BThe DPO should ensure that the controller has implemented procedures to provide evidence that consent has been obtained for all relevant personal data.

CThe DPO should personally record information such as who consented, when they consented, and how consent was given.

DThe DPO should approve the legal basis for consent processing before the controller can collect personal data.

Show Suggested Answer

Suggested Answer: B

Under Article 7(1) of GDPR, controllers must be able to demonstrate that the data subject has given consent. The DPO advises on ensuring these procedures are in place but does not collect or approve consent directly.

Option B is correct because the DPO must verify that consent records exist and meet GDPR standards.

Option A is incorrect because informing data subjects about withdrawal rights is the controller's duty, not the DPO's.

Option C is incorrect because the DPO does not personally maintain consent logs.

Option D is incorrect because DPOs do not approve legal bases for processing---this is the controller's responsibility.

GDPR Article 7(1) (Controller must demonstrate valid consent)

GDPR Article 39(1)(b) (DPO ensures compliance with data protection obligations)

by Alline at Mar 30, 2026, 07:25 AM

Limited Time Offer

25%

Off

Get Premium GDPR Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Thurman

4 days ago

I feel like we had a practice question that mentioned the DPO ensuring data subjects know they can withdraw consent, which might relate to option A.

upvoted 0 times

...

Celestine

9 days ago

I'm not entirely sure, but I think the DPO's role is more about oversight rather than recording consent details personally, so option C seems off.

upvoted 0 times

...

Ivan

14 days ago

I remember we discussed how the DPO plays a crucial role in ensuring that consent is properly documented, so I think option B makes sense.

upvoted 0 times

...