
Introduction

This is the EXIN Privacy & Data Protection Essentials (PDPE.EN) sample exam. The Rules and Regulations for EXIN’s examinations apply to this exam.

This exam consists of 20 multiple-choice questions. Each multiple-choice question has a number of possible answers, of which only one is correct.

The maximum number of points that can be obtained for this exam is 20. Each correct answer is worth 1 point. You need 13 points or more to pass the exam.

The time allowed for this exam is 30 minutes.

Good luck!





Copyright © EXIN Holding B.V. 2020. All rights reserved.
EXIN® is a registered trademark.

Question 1 of 20
The GDPR does not define privacy as a term but uses the concept implicitly throughout the text.

What is a correct definition of privacy as implicitly used throughout the GDPR?

Question 2 of 20
What is the relationship between data protection and privacy?

Question 3 of 20
Personal data as defined in the GDPR can be divided into several types. One of these types is described:

Data that directly or indirectly reveal someone's racial or ethnic background, political, philosophical, religious views, union affiliation and data related to health or sex life and sexual orientation.

What type of personal data is this?

Question 4 of 20
Which data subject right is explicitly defined by the GDPR?

Question 5 of 20
A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Which role in data protection is defined here?

Question 6 of 20
When personal data are processed, who is ultimately responsible for demonstrating compliance with the GDPR?

Question 7 of 20
To plan the amount of parking space needed, a local government monitors and saves the license plate number of every car that enters and leaves the city center. They have obtained permission to collect data on the number of cars present in the city center.

By comparing the license plate time of entry and exit, the number of cars present at every moment of each day is calculated. Each month a report is created detailing the average number of cars in the city center at specific moments for every day of the week. At every entrance to the city center, a billboard clearly states what data is collected by whom, the purpose of the processing and the fact that the license plate numbers are saved securely for up to two years, because the measurements will be repeated next year.

Which of the basic principles for legitimate processing of personal data is violated in this scenario?

Question 8 of 20
The GDPR refers to the principles of proportionality and subsidiarity.

What is the meaning of subsidiarity in this context?

Question 9 of 20
According to the principle of purpose limitation, data should not be processed beyond the legitimate purpose defined. However, further processing is allowed in a few specific cases, provided that appropriate safeguards for the rights and freedoms of the data subjects are taken.

For which purpose is further processing not allowed?

Question 10 of 20
A person is moving from city A to city B, within an EEA member state. In city A he was a patient of the local hospital A. In city B, he becomes a patient of hospital B. The patient has opted out of the national electronic patients file system.

The patient asks hospital A to forward his medical file directly to hospital B.

According to the GDPR, what is allowed?

Question 11 of 20
A company is planning to process personal data. The recently appointed data protection officer (DPO) executes a data protection impact assessment (DPIA). The DPO finds that all computers have a setting causing monitors to show a screen saver after five seconds of inaction. However, the computers are not locked automatically. When employees leave their desk, they usually do not lock their computers either.

What is this an example of?

Question 12 of 20
In order for personal data processing to be lawful, what is always a requirement?

Question 13 of 20
“The controller shall implement appropriate technical and organizational measures for ensuring that (...) only personal data which are necessary for each specific purpose of the processing are processed.”

Which term in the GDPR is defined here?

Question 14 of 20
According to the GDPR, what is a task of a supervisory authority?

Question 15 of 20
According to the GDPR, what is a description of binding corporate rules (BCR)?

Question 16 of 20
A controller wants to outsource processing of personal data to a processor.

What must be done before outsourcing?

Question 17 of 20
What is a description of data protection by design and by default?

Question 18 of 20
According to the GDPR, when is a data protection impact assessment (DPIA) obligatory?

Question 19 of 20
What is the main use of a persistent cookie?

Question 20 of 20
A company wishes to use personal data of their customers. They wish to start sending all female customers a customized newsletter.

What right do all data subjects have in this scenario?