Which of the following options describes the concept of data minimization?
A. It is the limitation of data to the purposes for which it is treated.
B. It is the use of data for the shortest possible time.
C. It is the decrease in the space allocated for data storage.
D. It is the minimization of data storage locations.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
For processing of personal data to be legal, a number of requirements must be fulfilled.
What is a requirement for lawful personal data processing?
A. A 'code of conduct', describing what the processing exactly entails, must be in place.
B. The processing must be reported to and allowed by the Data Processing Authority
C. The data subject must have given consent, prior to the processing to begin.
D. There must be a legitimate ground for the processing of personal data.
正解:D
質問 3:
A processor is instructed to report on customers who bought a product both last month and at least once in the three months before that. Unfortunately, the processor makes a mistake and uses personal data collected by another controller for a different purpose.
The mistake is found before the report is created, and nobody has access to personal date he or she should not have had access to.
How should the processor act on this situation and what should the controller do, if anything?
A. The processor must notify the controller of a data breach. The controller must assess the possible risk to the data subjects.
B. The processor must restart processing using the right data. There is no need for the controller to act.
C. The processor must notify the Data Protection Authority of a data breach. The controller must execute a PIA to assess the risk to data subjects.
D. The processor must notify the controller and the controller must notify the Data Protection Authority of a data breach.
正解:A
質問 4:
Who should ask for an opinion after conducting an impact assessment on the protection of personal data (DPIA)?
A. Controller
B. DPO
C. Processor
D. Supervisory Authority
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
When is a Data Protection Impact Assessment (DPIA) under the General Data Protection Regulation (GDPR) mandatory?
A. Application of new technologies that may imply a high risk to the rights and freedoms of data subjects.
B. There is no security policy and information security risk analysis.
C. In all types of personal data processing.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
A personal data breach has occurred, and the controller is writing a draft notification for the supervisory authority. The following information is already in the notification:
- The nature of the personal data breach and its possible consequences.
- Information regarding the parties that can provide additional information about the data breach.
What other information must the controller provide?
A. Information of local and national authorities that were informed about the data breach.
B. Name and contact details of the data subjects whose data may have been breached
C. The information needed to access the personal data that have been breached.
D. Suggested measures to mitigate the adverse consequences of the data breach.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
Ling -
PDPF試験参考書が本当に助かりました。誠にありがとうございました。