Exin Exam PDPF Topic 1 Question 81 Discussion

Actual exam question for Exin's PDPF exam

Question #: 81
Topic #: 1

[All PDPF Questions]

Article 33 of the GDPR deals with ''Notification of a personal data breach to the supervisory authority''.

Paragraph 3 sets out the minimum information that must be included in this notification. Which of the below is one of these?

AThe contact of the data protection officer or another point of contact where more information could be obtained.

BContact information for all data subjects.

CA copy of the breached personal data to be analyzed.
Section: (none)
Explanation

Show Suggested Answer

Suggested Answer: C

Yes, because the shopkeeper cannot identify the owner of the telephone. Incorrect. The issue is not whether the shopkeeper can identify the visitor, but that it is technically possible to do so.

Yes, because the visitor has automatically consented by connecting to the Wi-Fi. Incorrect. Consent must be an active, informed and free act of agreement to the processing. To see a MAC-address, the visitor does not need to be logged onto the Wi-Fi.

No, because the telephones MAC-address must be regarded as personal data. Correct. The phone's signal is a unique code that can be linked to the owner of the phone. The data must be regarded as personal data, because it is technically possible to identify the visitor. (Literature: A, Chapter 3; GDPR Article 26 and 30)

No, because the telephone providers are the owners of the MAC-addresses. Incorrect. The shopkeeper is not allowed to keep the data or process it because it must be regarded as personal data. The telephone provider is not the owner of the MAC-address, nor is the telephone provider protected by the GDPR.

by William at Mar 09, 2025, 01:36 AM

Limited Time Offer

25%

25 days ago

I think the answer is A) The contact of the data protection officer or another point of contact where more information could be obtained.

upvoted 0 times

...