One of the seven principles of data protection by design is Functionality - Positive-Sum, not Zero-Sum. What is the essence of this principle?
Correct Answer: D
Applied security standards must assure the confidentiality, integrity and availability of personal data throughout their lifecycle. Incorrect. This is an aspect of End-to-End Security - Lifecycle Protection, one of the other six basic principles.
If different types of legitimate objectives are contradictory, the privacy objectives must be given priority over other security objectives. Incorrect. Data protection by design rejects the idea that privacy competes with other interests, design objectives, and technical capabilities.
When embedding privacy into a given technology, process, or system, it should be done in such a way that full functionality is not impaired. Correct. This is the essence. (Literature: A, Chapter 8; GDPR Article 25)
Wherever possible, detailed privacy impact and risk assessments should be carried out and published, clearly documenting the privacy risks. Incorrect. This is an aspect of Privacy Embedded into Design, one of the other six basic principles.
PDPF Exam Question 47
Someone regularly receives offers from a store where he purchased something five years ago. He wants the company to stop sending offers and to wipe his personal data. Which aspect of the rights of a data subject in the General Data Protection Regulation (GDPR) requires the company to comply?
Correct Answer: D
Reference: https://gdpr-info.eu/art-7-gdpr/
PDPF Exam Question 48
The word privacy is never mentioned in the General Data Protection Regulation (GDPR) text. Despite this, what would be the best definition of privacy according to the Regulation?
Correct Answer: C
Privacy is a right that must be protected, and data protection is the set of measures that will be used to achieve this protection. Data protection and privacy complement each other, but they are not the same. A well-known phrase is: "You can have security without privacy, but you cannot have privacy without security".
Recital 4 of the GDPR says: The processing of personal data should be designed to serve individuals. The right to protection of personal data is not absolute; it must be considered in relation to its role in society and balanced with other fundamental rights, in accordance with the principle of proportionality. This Regulation respects all fundamental rights and observes the freedom and principles recognized in the Charter, enshrined in the Treaties, namely respect for private and family life, home and communications, the protection of personal data, freedom of thought, conscience and religion, freedom of expression and information, freedom of business, the right to action and an impartial tribunal, and cultural, religious and linguistic diversity.
PDPF Exam Question 49
What is a responsibility of Supervisory Authorities in EEA countries?
Correct Answer: C
PDPF Exam Question 50
Which of these should appear in a Data Protection Impact Assessment (DPIA) according to the General Data Protection Regulation (GDPR)?
Correct Answer: A
In its Article 35 the GDPR legislates on the Impact assessment on data protection.
7) The assessment shall contain at least:
a) a systematic description of the envisaged processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by the controller;
b) an assessment of the necessity and proportionality of the processing operations in relation to the purposes;
c) an assessment of the risks to the rights and freedoms of data subjects referred to in paragraph 1; and
d) the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation taking into account the rights and legitimate interests of data subjects and other persons concerned.