PDPF Exam Dumps - Privacy and Data Protection Foundation

It aims to manage the flow of data throughout the life cycle, from collection, processing, sharing, storage and deletion.

Having the knowledge where the data travels, who is responsible, who has access, helps and a lot to implement security measures.

Accuracy. Incorrect. Accuracy is the principle that personal data shall be accurate and kept up to date.

Data minimization. Correct. Data minimization means that personal data shall be adequate, relevant and limited to what is necessary. (Literature: A, Chapter 2; GDPR Article 5(1))

Fairness and transparency. Incorrect. Fairness and transparency mean that personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.

Purpose limitation. Incorrect. Purpose limitation means that personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with GDPR Article 89(1), not be considered to be incompatible with the initial purposes.

Article 4 dealing with the GDPR Definitions says in its paragraph 21:

‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51.

Data protection and privacy are synonyms and have the same meaning. Incorrect. Data protection helps to protect a person’s privacy, but the terms are not synonyms.

Data protection is the part of privacy that protects a person’s physical integrity. Incorrect. Data protection is not related to physical integrity or physical privacy.

Data protection refers to the measures needed to protect a person’s privacy. Correct. Data protection are some of the measures needed to protect a person’s privacy. (Literature: A, Chapter 1)

It is not necessary to inform the Supervisory Authority of any violation that occurs. But every violation must be analyzed with caution and attention. It is not necessary to notify the Supervisory Authority only if it does not present risks to the data subjects.

The DPO must always be involved to guide the best strategy and action for each violation that occurs. Article 38 legislates on the position of the data protection officer:

1. The controller and the processor shall ensure that the data protection officer is involved, properly and in a timely manner, in all issues which relate to the protection of personal data.

It is clear that the DPO – Data Protection Officer, must be involved in the entire data processing life cycle. From its collection to its exclusion.

The correct option is the responsibility of the Supervisory Authority, the others are the responsibility of the processor.

GDPR Article 3 decrees:

This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

a)the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or;

b)the monitoring of their behaviour as far as their behaviour takes place within the Union.

When we have a Regulation, such as the GDPR, all EU member states are obliged to follow it. The regulation is a law and Member States cannot create laws that oppose it. Unlike the Directives that set objectives to be achieved, however, each Member State is free to decide how to apply them in its country.