PDPF Online Practice Questions and Answers

Correct Answer: D

Correct Answer: D

A very repeated phrase is: "It is possible to have security without privacy, but it is not possible to have privacy without security".

Privacy is a right that should be protected, and Data Protection are the measures that will be used to achieve this protection.

Correct Answer: A

Recital 10 of GDPR states:

"Regarding the processing of personal data for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, Member States should be allowed to maintain or introduce national provisions to further specify the application of the rules of this Regulation."

It also says: "This Regulation also provides a margin of manoeuvre for Member States to specify its rules, including for the processing of special categories of personal data (`sensitive data').

However, this does not mean that Member States can approve a rule that goes against a GDPR guideline. Note that these national provisions are measures to increase the effectiveness of the law. Here is an example the case of Ireland where it was established that the DPO is responsible for data breaches, something that is not provided for in the GDPR.

Correct Answer: B

When we are talking about protection by design, we are considering a data protection throughout the data lifecycle, from the collection, processing, sharing, storage and deletion.

When we focus on protecting the data on all the phases risk of not fulfilling any legal obligations decreases significantly.

Correct Answer: B

This question is likely to be charged on the exam. Memorize this name: "Privacy Shield"

In July 2016, Implementing Decision 2016/1250 came into force, which legislates that the United States must ensure an adequate level of protection for personal data transferred from the Union to United States organizations under the EU-US Privacy Protection Shield (Privacy Shield).

This is because the United States does not have a single law on the protection of personal data, because of its internal policy, each state can create its own laws. Privacy Shield aims to standardize this, so that companies in the European Union and the United States can offer their services.

Article 1 of the Implementing Decision 2016/1250:

1. For the purposes of Article 25(2) of Directive 95/46 / EC, the United States ensures an adequate level of protection for personal data transferred from the Union to organisations in the United States under the EU

U.S. Privacy Shield.

2. The EU-U.S. Privacy Shield is constituted by the Principles issued by the U.S. Department of Commerce on 7 July 2016 as set out in Annex II and the official representations and commitments contained in the documents listed in Annexes I, III to VII.

3.For the purpose of paragraph 1, personal data are transferred under the EU-U.S. Privacy Shield where they are transferred from the Union to organisations in the United States that are included in the `Privacy Shield List', maintained and made publicly available by the U.S. Department of Commerce, in accordance with Sections I and III of the Principles set out in Annex II.

Correct Answer: C

Article 20 Right to data portability:

1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

Correct Answer: A

Here we have a very common catch in EXIN exams.

As stated "monthly a report is issued". Therefore, the report issued and with the average number of cars for each day is known, there is no longer a need to keep the license plate records. The information on the average number of cars per day is already sufficient for the planning of rotating parking as well as sufficient for a future comparison. So, there is no need to keep personal data stored for 5 years.

You may be wondering if a license plate is personal data. The answer is yes. Any information that makes it possible to identify a person is considered personal data.

A real and interesting example was a wife who identified her husband's car at a friend's house through Google Maps. The license plates on Google Maps are erased for security, but the car had a specific sticker. See that the wife gathered two pieces of information: car model and sticker, to identify her husband. In isolation neither of these two is a personal data, but together they become, because it was possible to identify it.

Luckily for his wife, who discovered his affair with her friend.

Correct Answer: A

In July 2016, Implementing Decision 2016/1250 came into force, which legislates that the United States must ensure an adequate level of protection for personal data transferred from the Union to United States organizations under the EU-US Privacy Protection Shield (Privacy Shield).

This is because the United States does not have a single law on the protection of personal data, since because of its internal policy, each state can create its own laws. Privacy Shield aims to standardize this, so that companies in the European Union and the United States can offer their services.

Article 1 of the Implementing Decision 2016/1250:

1. For the purposes of Article 25(2) of Directive 95/46 / EC, the United States ensures an adequate level of protection for personal data transferred from the Union to organisations in the United States under the EU

U.S. Privacy Shield.

2.

The EU-U.S. Privacy Shield is constituted by the Principles issued by the U.S. Department of Commerce on 7 July 2016 as set out in Annex II and the official representations and commitments contained in the documents listed in Annexes I, III to VI.

3.

For the purpose of paragraph 1, personal data are transferred under the EU-U.S. Privacy Shield where they are transferred from the Union to organisations in the United States that are included in the `Privacy Shield List', maintained and made publicly available by the U.S. Department of Commerce, in accordance with Sections I and III of the Principles set out in Annex II.

Correct Answer: A

The GDPR is functional law in all member states of the EEA. Some Articles allow for member states law to provide for more specific rules. Correct. The GDPR is European law but the Regulation does not exclude Member state law that sets out the circumstances for specific processing situations. (Literature: A, Chapter 1; GDPR Recital 10)

The GDPR is a recommendation of the European Commission that EEA countries' law authorities improve their laws on the protection of personal data. Incorrect. An EU recommendation is not binding. The GDPR is a functional European law in all member states.

The GDPR sets out minimum conditions and requirements. Member states need to pass national laws to meet these minimum requirements. Incorrect. This is the description of an EU Directive.

Correct Answer: B