EXIN PDPP Certification Sample Questions

The purpose of this sample question set is to give you information about the EXIN Privacy and Data Protection Professional (PDPP) exam. These sample questions will familiarize you with both the type and the difficulty level of the questions on the PDPP certification test. To get familiar with the real exam environment, we suggest you try our Sample EXIN PDPP Certification Practice Exam. This sample practice exam gives you a feel for the real thing and indicates the kind of questions asked in the actual EXIN Privacy and Data Protection Professional certification exam.

These sample questions are simple, basic questions that resemble the real EXIN Privacy and Data Protection Professional exam questions. To assess your readiness and performance with scenario-based questions, we suggest you prepare with our Premium EXIN PDPP Certification Practice Exam. When you work through scenario-based questions in practice, you encounter many difficulties that give you an opportunity to improve.

EXIN PDPP Sample Questions:

01. The ISO/IEC 27701 standard contains a chapter dedicated to additional guidance that aligns with the ISO/IEC 27002 standard. What type of recommendations are not included in this chapter?
a) Develop privacy policies separate from or combined with information security policies
b) Ensure at least awareness training for all coworkers that handle or process personal data
c) Label all data clearly to identify where personal data is stored or otherwise processed
d) Plan internal and external audits with a specific interval depending on the audit scope

02. Applying privacy information management system (PIMS) controls to manage risk is not an easy task, and it is recommended to go through all the stages. The first stage is to design a set of controls to manage the risks. The other stages are listed below (in random order):
1. Compare controls to ISO/IEC 27701’s Annex A or B
2. Produce the statement of applicability (SoA)
3. Effectively implement the controls
What is the correct order of the other stages?
a) 1, 2, 3
b) 1, 3, 2
c) 2, 1, 3
d) 2, 3, 1

03. According to the GDPR, which activity is always a responsibility of the controller?
a) Being responsible for performing a data protection impact assessment (DPIA)
b) Contracting a security company for the protection of personal data in transit
c) Implementing a new method to collect personal data from the customers
d) Maintaining records of the processing activities carried out by the processor

04. When a controller and a processor sign a contract for the processing of personal data, they both have specific responsibilities. Some of these responsibilities are prescribed by the GDPR and others can be arranged in the contract.
According to the GDPR, when does the processor always need written authorization by the controller?
a) When the processor contracts a company to protect data during transfers
b) When the processor contracts a third party to process personal data
c) When the processor implements a new method to collect personal data
d) When the processor implements a new method to delete personal data

05. According to the GDPR, what should always be part of a data protection impact assessment (DPIA)?
a) Identify the personal data that are processed and the intended purposes of the processing
b) Develop a subject access request procedure to ensure compliance with data subjects’ rights
c) Notify the data subjects that an assessment will take place and request their explicit consent
d) Set up an incident response plan and define appropriate safeguards to avoid data breaches

06. A company implements a privacy policy, which helps to demonstrate compliance with the GDPR. It is recommended that this policy is made publicly accessible for several reasons.
What is the main reason for making the privacy policy publicly available?
a) To allow customers and partners to verify which personal data the organization must process
b) To allow customers, partners and the supervisory authority to assess how personal data are handled
c) To communicate the result of data protection impact assessments (DPIAs) performed in the organization
d) To inform the supervisory authority of how the organization will respond after personal data breaches

07. A small organization has developed a successful software service. The service is a great success, which means the organization needs a more robust cloud solution. Therefore, the organization must select an external cloud supplier.
The organization is ISO/IEC 27701 certified. When searching for a supplier, the organization comes across several cloud suppliers. Some suppliers are ISO/IEC 27701 certified, but others are not.
How can an ISO/IEC 27701 certification help with supplier selection?
a) The ISO/IEC 27701 certification of a supplier includes a cost/benefit analysis, which ensures lower costs for services
b) The ISO/IEC 27701 certification of the organization has procedures for data processing, which extend to any supplier
c) The ISO/IEC 27701 certification of a supplier lowers the need for supplier audits, which is easier for the organization
d) The ISO/IEC 27701 certification of the organization requires an ISO/IEC 27701 certified supplier, which limits choices

08. An organization plans to make automated decisions about its clients, based on profiling. Which part of the data protection impact assessment (DPIA) needs extra attention?
a) The measures to protect the rights of the data subject that will be implemented
b) The assessment of the need to perform a DPIA in relation to this processing activity
c) The measures to secure the personal data from being requested by data subjects
d) The procedures for data erasure after a data subject asks for their data to be removed

09. Auditing the privacy information management system (PIMS) can be done for multiple reasons. According to ISO/IEC 27701, what is the main objective of PIMS audits?
a) To confirm that requirements of the relevant national and international standards are maintained
b) To identify specific areas of concern and address the selection of individual work processes
c) To include updates of relevant changes to legislation and regulations, and their interpretation
d) To monitor conformity between the management system requirements and working practices

10. An organization is merging with another company. The organization already has a privacy information management system (PIMS). Completion of the merger depends on demonstrating that all of the personal data processing operations conform to ISO/IEC 27701 and the applicable legislation.
What is the most appropriate means to show this?
a) A data protection impact assessment (DPIA) report
b) A privacy impact assessment (PIA) report
c) A recent PIMS audit report
d) A statement of applicability (SoA) report

Answers:

Question 01: d
Question 02: b
Question 03: a
Question 04: b
Question 05: a
Question 06: b
Question 07: c
Question 08: a
Question 09: d
Question 10: c

Note: If you find any error in these EXIN Privacy and Data Protection Professional certification exam sample questions, please let us know by e-mail at feedback@certfun.com.