EXIN PDPF
Q: 1
What is the essence of the principle ‘Full Lifecycle Protection’?
Options
Q: 2
What is the term used in the General Data Protection Regulation (GDPR) for the disclosure of, or
unauthorized access to, personal data?
Options
Q: 3
A Belgian company has their headquarters in France for tax purposes. They enter into a legally
binding contract with a processor in the Netherlands for the processing of personal data of data
subjects with various nationalities. A personal data breach occurs. The supervisory authorities start
an investigation. Why is the French supervisory authority seen as the lead supervisory authority?
Options
Q: 4
According to the General Data Protection Regulation (GDPR), which category of personal data is
considered to be sensitive data?
Options
Q: 5
Which of these should appear in a Data Protection Impact Assessment (DPIA) according to the
General Data Protection Regulation (GDPR)?
Options
Q: 6
According to the GDPR, when is a data protection impact assessment (DPIA) obligatory?
Options
Q: 7
Some data processing falls outside of the material scope of the GDPR. What type of processing is not
subject to the GDPR?
Options
Q: 8
According to the GDPR, what is a task of a supervisory authority?
Options
Q: 9
The GDPR does not define privacy as a term but uses the concept implicitly throughout the text.
What is a correct definition of privacy as implicitly used throughout the GDPR?
Options
Q: 10
Which of the following has a data breach under the General Data Protection Regulation (GDPR)?
Options
Question 1 of 10
