A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal dat
a. Which role in data protection is defined here?
Controller: Correct. The controller determines the purpose and means of the processing. (Literature: A, Chapter 1; GDPR Article 4(7))
Processor: Incorrect. The controller determines the purpose of the processing, the processor works on the controller's instructions.
Supervisory authority: Incorrect. The supervisory authority monitors and enforces compliance with the GDPR requirements.
Third party: Incorrect. A third party has no role in determining the purpose of the processing. Any party that determines the purpose would become a new controller.
The GDPR describes the principle of data minimization. How can organizations comply with this principle?
By applying the concept of least privilege to the personal data collected, stored or otherwise
processed. Incorrect. Data minimization does not address least privilege.
By limiting access rights to staff who need the personal data for the intended processing operations. Incorrect. This describes the concept of limiting authorization for instance to comply with the principle of integrity and confidentiality.
By limiting file sizes, through saving all personal data that is processed in the smallest possible format. Incorrect. Data minimization according to the GDPR is not about storage size, but about minimalizing the use of personal data.
By limiting the personal data to what is adequate, relevant and necessary for the processing purposes.
Correct. This is the essence of the description in the GDPR. (Literature: A, Chapter 2; GDPR Article 5(1)(c))
Some data processing falls outside of the material scope of the GDPR. What type of processing is not subject to the GDPR?
Collecting name and address information for a gymnastics club. Incorrect. Collecting is also considered processing data.
Creating a back-up of biometric data for data security purposes. Incorrect. Storage is also considered processing data.
Editing personal photographs before printing them at home. Correct. The GDPR is not applicable to home-use of your own photographs. (Literature: A, Chapter 1; GDPR Article 4)
Which of the following has a data breach under the General Data Protection Regulation (GDPR)?
Your credit card has been cloned. A card contains various personal information.
What category of data breach is this incident?
Data breach categories:
Material: Loss of equipment or material with data, lost file folders, lost smartphones, etc.
Verbal: Indiscretion, shoulder surfing, intentional leakage of sensitive information, etc.
Digital (not material): Backdoors, incorrect coding, maladministration (e.g., patch management), insufficient security measures, card cloning etc.
Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits
Get All 149 Questions & Answers