Pass the Exin Privacy & Data Protection PDPF Questions and answers with CertsForce

It is not necessary to inform the Supervisory Authority of any violation that occurs. But every violation must be analyzed with caution and attention. It is not necessary to notify the Supervisory Authority only if it does not present risks to the data subjects.

The DPO must always be involved to guide the best strategy and action for each violation that occurs. Article 38 legislates on the position of the data protection officer:

1. The controller and the processor shall ensure that the data protection officer is involved, properly and in a timely manner, in all issues which relate to the protection of personal data.

It is clear that the DPO – Data Protection Officer, must be involved in the entire data processing life cycle. From its collection to its exclusion.

Implement technical and organizational measures to ensure compliance. Incorrect. This is the task of the controller.

Investigate security breaches of corporate information. Incorrect. Only breaches of personal data are a concern of the supervisory authority.

Monitor and enforce the application of the GDPR. Correct. This is the main task of any supervisory authority. (Literature: A, Chapter 7)

Accuracy. Incorrect. Accuracy is the principle that personal data shall be accurate and kept up to date.

Data minimization. Correct. Data minimization means that personal data shall be adequate, relevant and limited to what is necessary. (Literature: A, Chapter 2; GDPR Article 5(1))

Fairness and transparency. Incorrect. Fairness and transparency mean that personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.

Purpose limitation. Incorrect. Purpose limitation means that personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with GDPR Article 89(1), not be considered to be incompatible with the initial purposes.