Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Login / Register

Privacy and Data Protection Foundation

Last Update 4 hours ago Total Questions : 149

The Privacy and Data Protection Foundation content is now fully updated, with all current exam questions added 4 hours ago. Deciding to include PDPF practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our PDPF exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these PDPF sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Privacy and Data Protection Foundation practice test comfortably within the allotted time.

Question # 31

According to Article.33 of the GDPR the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority. What is the maximum penalty for non-compliance with this notification obligation?

A.

€ 10.000.000 or 2% of the annual global turnover, whichever is higher

B.

€ 20.000.000 or 4% of the annual global turnover, whichever is higher

C.

Up to € 500.000 with a minimum of € 120.000

D.

Up to € 820.000 with a minimum of € 350.000

Question # 32

The Supervisory Authority is notified whenever an organization intends to process personal data, except for some specific situations. The Supervisory Authority keeps a publicly accessible register of these data processing operations.

What else is a legal obligation of the Supervisory Authority in reaction to such a notification?

A.

To assess compliance with the law in all classes where sensitive personal data is processed

B.

To assess the legitimacy of operations that involve specific risks for the data subjects

C.

To assess the legitimacy of binding contract(s) between the controller and the data processor(s)

D.

To give out a license for the data processing, specifying the types of personal data which are allowed

Question # 33

Regarding the Portability Law for data subjects, which option is correct?

A.

The data subject has the right to object at any time, for reasons related to their particular situation, so that the data is not shared between controllers.

B.

The data subject has the right to ask the controller to rectify, erase or limit the processing of personal data with respect to the data subject if he has shared his data.

C.

The data owner has the right to transmit his data to another controller without the controller that already has the personal data provided being able to prevent it.

D.

The data subject has the right to obtain from the controller the limitation of processing so that the data is shared.

Question # 34

A controller can contract out the processing of personal data to another company, provided a written contract between these partners is in place.

Which clause in this contract is a responsibility of the controller?

A.

To ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

B.

To make available all information necessary to demonstrate compliance with the obligations laid down in the GDPR and allow for and contribute to audits, including inspections.

C.

To process the personal data only on documented instructions, including with regard to transfers of personal data to a third country or an international organization.

D.

To provide sufficient guarantees for appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR.

Question # 35

On July 12, 2016 the European Commission implemented a ruling regarding the transfer of personal data between the EEA and the US. The ruling is based on the data protection measures described in the EU-US Privacy Shield. What kind of a ruling is this?

A.

Derogation

B.

Legally binding contract

C.

Treaty superseding the GDPR

D.

Adequacy decision

Question # 36

According to the GDPR, what is a description of binding corporate rules (BCR)?

A.

A decision on the safety of transferring personal data to a non-EEA country

B.

A set of approved rules on personal data protection used by a group of enterprises

C.

A measure to compensate for the lack of personal data protection in a third country

D.

A set of agreements covering personal data transfers between non-EEA countries

Question # 37

What is the most important difference between the 95/46/EC and the GDPR?

A.

95/46/EC applies as law in all EEA member states while the GDPR is a guidance.

B.

95/46/EC applies to processing of data on EEA residents worldwide and the GDPR does not.

C.

The GDPR applies as law in all EEA member states while 95/46/EC is a guidance.

D.

The GDPR applies to persons and organizations which process personal data within EEA member states.

The scope of 95/46/EC is more restricted in this aspect.

Question # 38

When personal data are processed, who is ultimately responsible for demonstrating compliance with the GDPR?

A.

Data protection officer (DPO)

B.

Supervisory authority

C.

Processor

D.

Controller

Question # 39

A Belgian company has their headquarters in France for tax purposes. They enter into a legally binding contract with a processor in the Netherlands for the processing of personal data of data subjects with various nationalities. A personal data breach occurs. The supervisory authorities start an investigation. Why is the French supervisory authority seen as the lead supervisory authority?

A.

Because the company has their headquarters in France

B.

Because France is located in the middle of Europe

C.

Because France is the largest of the three EEA countries

Question # 40

When does the GDPR require data subjects consent to a cookie?

A.

Always, because a cookie is regarded as online identifier

B.

Never, as the EU Cookie Law does not require explicit consent

C.

Only if the cookie contains authentication information of the data subject

D.

Only if the cookie contains shopping basket items

Go to page:
PDPF PDF + Testing Engine
220-1201 pdf + testing engine
$154.49
$46.35 
220-1201 pdf + testing engine
  • Last Update: May 8, 2026
  • 149 Questions and Answers
  • Single Choice: 149 Q&A's
 Add to Cart    View Detail

Related Exin Certification Exams

Exin CDFOM
Exin CITM
Exin CDCS
Exin SIAMP
Exin EX0-008
Exin CDCP
Exin BLOCKCHAINF
Exin ITSM18F
Exin ITSM18FB
Exin VERISMP
Exin SIAMF
Exin VERISME

New Release

IdentityIQ-Associate Exam Questions
M92 Exam Questions
ISO-IEC-27002-Foundation Exam Questions
NCP-AAI Exam Questions
VNX301 Exam Questions
AI-901 Exam Questions
Als-Con-201 Exam Questions
App-Development-with-Swift-Certified-User Exam Questions
CAIPM Exam Questions
CPCM Exam Questions
RCA Exam Questions
I27001F Exam Questions
FlashArray-Storage-Professional Exam Questions
API-SIEE Exam Questions
Workday-Pro-Time-Tracking Exam Questions