Exin Exam PDPF Topic 5 Question 60 Discussion

Actual exam question for Exin's PDPF exam

Question #: 60
Topic #: 5

[All PDPF Questions]

While performing a backup, a data server disk crashed. Both the data and the backup are lost. The disk contained personal data, but no special category personal dat

a. The processor states that this is a personal data breach. Is the statement of the processor true?

AYes, because there were no special category personal data stored on the disk.

BNo, because no personal data on the disk were processed, only destroyed

CYes, because the personal data on the disk were unlawfully processed.

DNo, because this is only a security incident and not a data breach

Show Suggested Answer

Suggested Answer: A

To advise the controller on the mitigation of privacy risks to protect the controller from liability claims for non-compliance. Incorrect. The supervisory authority has the task to monitor compliance and to advise on enhancements, but its purpose is not to protect the controller.

To fulfill the obligation in the GDPR to implement appropriate technical and organizational measures for data protection. Incorrect. The audit is not the implementation of the measures, but an assessment of the effectiveness of them.

To monitor and enforce the application of the GDPR by assessing that processing is performed in compliance with the GDPR. Correct. According to the GDPR this is an important task of a supervisory authority. (Literature: A, Chapter 7; GDPR Article 57 (1)(a))

by Glennis at May 07, 2024, 10:20 AM

Limited Time Offer

25%

23 days ago

I think the processor is right. It's a personal data breach.

upvoted 0 times

...