A person is moving from city A to city B, within an EEA member state. In city A he was a patient of the local hospital
Answer : C
The hospital in A can send the data directly to hospital B, as requested by the patient. Correct. The right to portability allows this. (Literature: A, Chapter 3)
The hospital in A can send the file to hospital B, before the patient has requested it. Incorrect. The hospital in B can only acquire the file from A with consent or if it is in the vital interest of the data subject and consent cannot be obtained.
The hospital in A can send the medical file to the data subject, but not to another hospital. Incorrect. The data subject can ask for the data to be sent directly.
The hospital in A cannot send the file, because there is no legitimate ground for processing. Incorrect. A request, which implies consent, of the data subject is a sufficient legitimate ground.
According to the GDPR, in what situation must data subjects always be notified of a personal data breach?
Answer : D
When personal data is processed at a facility of the processor that is not located within the borders of the EEA. Incorrect. The location where the data is processed is of no significance to the obligation to notify data subjects of personal data breaches.
When personal data is processed by a party that agreed to the draft processing contract but has not yet sign it. Incorrect. Personal data processed by another party than the controller without a valid written contract is considered a personal data breach. In the given situation however, negative consequences for the data subjects are unlikely. Notifying the data subject is not obligatory in that case.
When the system on which the personal data is processed is attacked causing damage to its storage devices. Incorrect. Damage to storage devices will make access to the data difficult or even impossible but does not imply illegal processing.
When there is a significant probability that the breach will lead to a high risk for the privacy of the data subjects. Correct. If there is a significant probability of negative impact on the data subjects, the controller is obliged to notify them of the breach. (Literature: A, Chapter 5)
Which EU legislation allows data to be transferred between the European Economic Area (EEA) and the United States (USA)?
Answer : A
In July 2016, Implementing Decision 2016/1250 came into force, which legislates that the United States must ensure an adequate level of protection for personal data transferred from the Union to United States organizations under the EU-US Privacy Protection Shield (Privacy Shield).
This is because the United States does not have a single law on the protection of personal data, since because of its internal policy, each state can create its own laws. Privacy Shield aims to standardize this, so that companies in the European Union and the United States can offer their services.
Article 1 of the Implementing Decision 2016/1250:
1. For the purposes of Article 25(2) of Directive 95/46 / EC, the United States ensures an adequate level of protection for personal data transferred from the Union to organisations in the United States under the
EU-U.S. Privacy Shield.
2. The EU-U.S. Privacy Shield is constituted by the Principles issued by the U.S. Department of Commerce on 7 July 2016 as set out in Annex II and the official representations and commitments contained in the documents listed in Annexes I, III to VI.
3. For the purpose of paragraph 1, personal data are transferred under the EU-U.S. Privacy Shield where they are transferred from the Union to organisations in the United States that are included in the 'Privacy Shield List', maintained and made publicly available by the U.S. Department of Commerce, in accordance with Sections I and III of the Principles set out in Annex II.
When is a Data Protection Impact Assessment (DPIA) under the General Data Protection Regulation (GDPR) mandatory?
Answer : A
Whenever a new technology is applied, a DPIA must be performed. In addition, a DPIA must be performed before starting the processing of personal data. This is important to check for risks to data subjects since data collection.
In its Article 35 the GDPR legislates on the Impact assessment on data protection.
1. Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks.
Unlock All Features of Exin PDPF Dumps Software
Just have a look at the best and updated features of our PDPF dumps which are described in detail in the following tabs. We are very confident that you will get the best deal on this platform.
Select Question Types you want
Set your desired pass percentage
Allocate Time (Hours: Minutes)
Create Multiple Practice test with limited questions
Customer Support
Latest Success Metrics For actual PDPF Exam
This is the best time to verify your skills and accelerate your career. Check out last week's results, more than 90% of students passed their exam with good scores. You may be the Next successful Candidate.
95%
Average Passing Scores in final Exam
91%
Exactly Same Questions from these dumps
90%
Customers Passed Exin PDPF exam
OUR SATISFIED CUSTOMER REVIEWS
CN
Catherine Nelson
When I got enrolled in Exin PDPF, I was told that Premiumdumps is the only key to all of my worries regarding my Exam. I scored well and it justifies the standard of Premiumdumps
GF
Gregory Fuentes
I would like to share, initially I was not sure if I could pass the Privacy and Data Protection Foundation exam, because I didn’t get time to prepare for it. But Premiumdumps Practice exam helped me to fulfill my dream. The user friendly interface made be acquainted with the actual exam by offering the real exam simulation. I give all credits to Premiumdumps.
AC
Amber Campbell
Premiumdumps is a reliable and trustworthy platform, which enabled me to pass 1Y0-370. I am grateful that I only trusted Premiumdumps.
EM
Emma McGonagle
Premiumdumps has proven accommodating, which helped me to develop self confidence by offering self-evaluation tool. The self-assessment feature helped me to recognize my weak areas so I can overcome them. Thanks to Premiumdumps.
HB
Harold Batista
I wish to share enthusiastically that I have finally advanced the credentials. And this has become possible just because of the Premiumdumps exam preparation material.