Free Practice Questions for Exin PDPF Exam

There are some types of cookies, each with its own purpose.

Cookies are considered personal data, as they can identify a person.

In the case of the issue we are talking about the Tracking Cookies. These monitor our browsing activities and bombard us with advertisements and advertisements.

You may have already encountered the situation of searching for a particular product on the internet and then seeing ads for that product or similar on various websites.

It is necessary to check the extent of this personal data breach, what data has been accessed and what is the risk to his or her. Depending on this extension, in addition to notifying the supervisory authority, it will also be mandatory to notify the owners of the breached data.

The organization minimizes the risk of costly adjustments in processes or the redesign of systems in a later stage. Incorrect. This aspect may strengthen the confidence of management, but not of customers or citizens.

The organization prevents non-compliance with the GDPR and minimizes the risk of fines. Incorrect. Preventing fines may strengthen the confidence of management, but not of customers or citizens.

The organization proves that it takes privacy seriously and aims for compliance with the GDPR. Correct. Doing a DPIA shows customers or citizens that the company is serious about data protection. (Literature: A, Chapter 8)

In July 2016, Implementing Decision 2016/1250 came into force, which legislates that the United States must ensure an adequate level of protection for personal data transferred from the Union to United States organizations under the EU-US Privacy Protection Shield (Privacy Shield).

This is because the United States does not have a single law on the protection of personal data, since because of its internal policy, each state can create its own laws. Privacy Shield aims to standardize this, so that companies in the European Union and the United States can offer their services.

Article 1 of the Implementing Decision 2016/1250:

1.For the purposes of Article 25(2) of Directive 95/46 / EC, the United States ensures an adequate level of protection for personal data transferred from the Union to organisations in the United States under the

EU-U.S. Privacy Shield.

2.The EU-U.S. Privacy Shield is constituted by the Principles issued by the U.S. Department of Commerce on 7 July 2016 as set out in Annex II and the official representations and commitments contained in the documents listed in Annexes I, III to VI.

3.For the purpose of paragraph 1, personal data are transferred under the EU-U.S. Privacy Shield where they are transferred from the Union to organisations in the United States that are included in the ‘Privacy Shield List’, maintained and made publicly available by the U.S. Department of Commerce, in accordance with Sections I and III of the Principles set out in Annex II.

To ensure that the user’s personal data are stored securely on the server. Incorrect. Cookies are not used to store data on the server.

To personalize the user’s experience of the website during the next visit. Correct. This is the main purpose of a persistent cookie. (Literature: A, Chapter 8)

To record every keystroke made by a computer user to find out passwords. Incorrect. Cookies are not malicious by nature, but the mechanism can be exploited maliciously.

To save the pages a user has bookmarked in the user’s browser history. Incorrect. The bookmarks and browser history are saved, but not in a cookie.

Confidentiality violation. Incorrect. GDPR uses the term personal data breach. Not every data breach is a confidentiality violation.

Personal data breach. Correct. This is the definition of a personal data breach. (Literature: A, Chapter 5; GDPR Article 4(12))

Security breach. Incorrect. GDPR uses the term personal data breach. Not every security breach is a data breach. Not every data breach is a personal data breach.

Security incident. Incorrect. GDPR uses the term personal data breach. Not every security incident is a data breach.

The right to compensation. Incorrect. It is unlikely that all data subjects will suffer harm that must be compensated in this scenario.

The right to object to profiling. Correct. All data subjects have a right to object to the processing of personal data for direct marketing, including profiling. This is clearly profiling. (Literature: A, Chapter 4)

The right to rectification. Incorrect. It is unlikely that the company has incorrect data on all data subjects, so the right to rectification does not apply.

The GDPR is functional law in all member states of the EEA. Some Articles allow for member states law to provide for more specific rules. Correct. The GDPR is European law but the Regulation does not exclude Member state law that sets out the circumstances for specific processing situations. (Literature: A, Chapter 1; GDPR Recital 10)

The GDPR is a recommendation of the European Commission that EEA countries’ law authorities improve their laws on the protection of personal data. Incorrect. An EU recommendation is not binding. The GDPR is a functional European law in all member states.

The GDPR sets out minimum conditions and requirements. Member states need to pass national laws to meet these minimum requirements. Incorrect. This is the description of an EU Directive.