Exin Exam PDPF Topic 8 Question 69 Discussion

Actual exam question for Exin's PDPF exam

Question #: 69
Topic #: 8

[All PDPF Questions]

A personal data breach has occurred, and the controller is writing a draft notification for the supervisory authority. The following information is already in the notification:

- The nature of the personal data breach and its possible consequences.

- Information regarding the parties that can provide additional information about the data breach.

What other information must the controller provide?

AInformation of local and national authorities that were informed about the data breach.

BName and contact details of the data subjects whose data may have been breached

CSuggested measures to mitigate the adverse consequences of the data breach.

DThe information needed to access the personal data that have been breached.

Show Suggested Answer

Suggested Answer: A

To advise the controller on the mitigation of privacy risks to protect the controller from liability claims for non-compliance. Incorrect. The supervisory authority has the task to monitor compliance and to advise on enhancements, but its purpose is not to protect the controller.

To fulfill the obligation in the GDPR to implement appropriate technical and organizational measures for data protection. Incorrect. The audit is not the implementation of the measures, but an assessment of the effectiveness of them.

To monitor and enforce the application of the GDPR by assessing that processing is performed in compliance with the GDPR. Correct. According to the GDPR this is an important task of a supervisory authority. (Literature: A, Chapter 7; GDPR Article 57 (1)(a))

by Suzan at Sep 06, 2024, 01:30 PM

Limited Time Offer

25%

23 days ago

I think the controller should provide the name and contact details of the data subjects.

upvoted 0 times

...