EXIN Privacy and Data Protection Foundation offers professionals a solid background in the protection of personal data including GDPR.To help you pass your EXIN PDPF exam, Passcert new released EXIN Privacy and Data Protection Foundation PDPF Exam Dumps for you to practice.Passcert can not only allow you for the first time to participate in the EXIN Privacy and Data Protection Foundation PDPF Exam to pass it successfully, but also help you save a lot of valuable time.

EXIN Privacy and Data Protection Foundation is a certification that validates a professional's knowledge about organizing the protection of personal data, the EU rules and regulations regarding data protection. This regulation affects every organization that processes EU personal data including Switzerland.

The exmaination for EXIN Privacy and Data Protection Foundation is intended for all employees who need to have an understanding of data protection and European legal requirements as defined in the GDPR. More specific the following roles could be interested: Data Protection Officer, Privacy Officer, Legal Officer/Compliance Officer, Security Officer, Buniness Continuity Manager.

Duration: 1 hour

Number of questions: 40 (Multiple Choice)

Pass mark: 65%

Level: Foundation

ECTS credits: 2

Available languages: English, German, Spanish, French, Brazilian Portuguese, Dutch, Japanese, Chinese, Hebrew

EXIN Privacy & Data Protection Foundation covers the main subjects related to the protection of personal data. Candidates benefit from a certification that is designed to impart all the required knowledge to help ensure compliancy to the General Data Protection Regulation.

●Definitions

●Personal Data 

●Legitimate Grounds and Purpose Limitation

●Further Requirements for Legitimate Processing of Personal Data

●Rights of Data Subjects

●Data Breach and Related Procedures

●Importance of Data Protection for the Organization

●Supervisory Authority

●Personal Data Transfer to Third Countries

●Binding Corporate Rules and Data Protection in Contracts

●Data Protection by Design and by Default Related to Information Security

●Data Protection Impact Assessment(DPIA)

●Practice Related Applications of the Use of Data, Marketing and Social Media

A. Delivering the maximum degree of data protection by default, ensuring that personal data are automatically protected in any given IT system or business practice.

B. Ensuring that whatever business practice or technology is involved, processing is done according to the stated objectives, subject to independent verification.

C. Embedding security measures to protect the data from the moment it is collected, throughout processing until it is destroyed at the end of the process.

D. Prioritizing the protection of the interests of the individual by offering for example strong privacy defaults, appropriate notice or empowering user-friendly options.

A. The processor must notify the controller and the controller must notify the Data Protection Authority of a data breach.

B. The processor must notify the controller of a data breach. The controller must assess the possible risk to the data subjects.

C. The processor must notify the Data Protection Authority of a data breach. The controller must execute a PIA to assess the risk to data subjects.

D. The processor must restart processing using the right data. There is no need for the controller to act.

A. To assess compliance with the law in all classes where sensitive personal data is processed

B. To assess the legitimacy of operations that involve specific risks for the data subjects

C. To assess the legitimacy of binding contract(s) between the controller and the data processor(s)

D. To give out a license for the data processing, specifying the types of personal data which are allowed

A. By analyzing the logs of the web server it can be seen which products are top sellers, allowing them to optimize their marketing campaigns for those products.

B. By tagging users of social media, profiles of their online behavior can be created. These profiles are used to ask them to promote a product.

C. By tagging visitors of web pages, profiles of their online behavior can be created. These profiles are sold and used in targeted advertisement campaigns.

A. Report the data processing to the German Supervisory Authority and leave the supervising to them.

B. Supervise the processing of personal data in accordance with Dutch Law.

C. Supervise the processing of personal data in accordance with German Law.

D. The Dutch Supervisory Authority should check that adequate binding contracts are in place. The German Supervisory Authority should supervise.

A. Nothing. The video may be regarded as ‘news’ and, therefore, the website is only exercising its right to freedom of expression and information.

B. The controller erases the video from the website and, when possible, informs any controller who might process the same video, that it must be erased.

C. The controller erases the video from the website. There is no obligation however, to inform others who might have copied it, that it should be erased.

D. The controller directs the person to seek a lawyer and informs that he cannot exclude before a juridical authorization.