PDPF Exam Questions – EXIN Privacy and Data Protection Foundation Exam

Privacy & Data Protection Foundation is designed for all staff who need to have an understanding of data protection and the European legal requirements as defined in the GDPR. This makes it ideal for data protection officers, privacy officers, legal/compliance officers, security officers or business continuity managers.

PassQuestion can provide a shortcut for you and save you a lot of time and effort. PassQuestion will provide good PDPF Exam Questions for your EXIN Privacy and Data Protection Foundation Exam and help you pass PDPF exam. If you see other websites provide relevant information to the website, you can continue to look down and you will find that in fact the information is mainly derived from our PassQuestion. Our PassQuestion provide the most comprehensive information and update fastest.

PDPF Exam Questions – EXIN Privacy and Data Protection Foundation Exam

1. What is the essence of the principle ‘Full Lifecycle Protection’?


2. A processor is instructed to report on customers who bought a product both last month and at least once in the three months before that. Unfortunately, the processor makes a mistake and uses personal data collected by another controller for a different purpose. The mistake is found before the report is created, and nobody has access to personal date he or she should not have had access to.

How should the processor act on this situation and what should the controller do, if anything?


3. The Supervisory Authority is notified whenever an organization intends to process personal data, except for some specific situations. The Supervisory Authority keeps a publicly accessible register of these data processing operations.

What else is a legal obligation of the Supervisory Authority in reaction to such a notification?


4. In what way are online activities of people most effectively used by modern marketers?


5. A German company wants to enter into a binding contract with a processor in the Netherlands for the processing of sensitive personal data of German data subjects. The Dutch Supervisory Authority is informed of the type of data and the aims of the processing, including the contract describing what data will be processed and what data protection procedures and practices will be in place.

According to the GDPR, what should the Dutch Supervisory Authority do in this scenario?


6. A person finds that a private videotape showing her in a very intimate situation has been published on a website. She never consented to publication and demands that the video is being removed without undue delay.

According to the GDPR, what should be done next?


7. For processing of personal data to be legal, a number of requirements must be fulfilled.

What is a requirement for lawful personal data processing?


8. Under what EU legislation is data transfer between the EEA and the U.S.A. allowed?


9. According to the GDPR, for which situations should a Data Protection Impact Assessment (DPIA) be conducted?


10. While paying with a credit card, the card is skimmed (i.e. the data on the magnetic strip is stolen). The magnetic strip contains the account number, expiration date, cardholder’s name and address, PIN number and more.

What kind of a data breach is this?


DEVOPSF Free Questions - EXIN DevOps Foundation V8.02

Leave a Reply

Your email address will not be published. Required fields are marked *