Privacy & Data Protection Essentials Courseware - English. Ruben Zeegers
Regulation of the European Parliament and the Council of the European Union. Brussels, 6 April 2016, available at:http://eur-lex.europa.euPDF:http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L:2016:119:FULL&from=ENHTML:http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L:2016:119:FULL&from=EN
Comment
The exam requirements are based on the exam literature. Literature C is no primary exam literature, because the other exam literature provides sufficient content about the GDPR. Candidates should be familiar with literature C to the extent of the references made in the other literature.
Literature matrix
_____________
1 Before the GDPR was introduced the data protection authority was the national authority in charge with the enforcement of regulation on data protection. In the GDPR it is now called the supervisory authority.
2 Exam specification 2.3 is only tested in the EXIN Privacy and Data Protection Foundation exam
Introduction
This is the sample exam EXIN Privacy & Data Protection Essentials (PDPE.EN). The Rules and Regulations for EXIN’s examinations apply to this exam.
This exam consists of 20 multiple-choice questions. Each multiple-choice question has a number of possible answers, of which only one is the correct answer.
The maximum number of points that can be obtained for this exam is 20. Each correct answer is worth one point. If you obtain 13 points or more you will pass.
The time allowed for this exam is 30 minutes.
Good luck!
Sample Exam
1 / 20 The illegal collection, storage, modification, disclosure or dissemination of personal data is an offence by European law.
What kind of offence is this?
A) a content related offence
B) an economic offence
C) an intellectual property offence
D) a privacy offence
2 / 20 How are privacy and data protection related to each other?
A) Data protection is a subset of privacy.
B) Privacy is a subset of data protection.
C) They are the same thing.
D) You cannot have privacy without data protection.
3 / 20 The word 'privacy' is not mentioned in the GDPR.
How is 'privacy' related to 'data protection'?
A) Data protection is a set of rules and regulations on processing personal data. Privacy is the result of data protection.
B) Privacy is the right to be protected from interference in personal matters. Data protection is the means to implement that protection.
C) Privacy is the right to keep personal matters secret. Data protection is the right to keep personal data secret.
D) The terms 'privacy' and 'data protection' are interchangeable. There is no real difference in meaning.
4 / 20 The GDPR is related to personal data protection.
What is the definition of personal data?
A) any information relating to an identified or identifiable natural person
B) any information that the European citizens would like to protect
C) data that directly or indirectly reveal someone's racial or ethnic background, religious views, and data related to health or sexual habits
D) preservation of confidentiality, integrity and availability of information
5 / 20 Which information is regarded as personal data according to the GDPR?
A) Information about a person, which might harm the privacy of that person, even when untrue
B) Any information regarding an identifiable natural person
C) Information, regarding an identifiable natural person, which is digitalized
6 / 20 Which right of data subjects is explicitly defined by the GDPR?
A) A copy of personal data must be provided in the format requested by the data subject.
B) Access to personal data without any cost for the data subject.
C) Personal data must be always changed at the request of the data subject.
D) Personal data must be erased at all times if a data subject requests this.
7 / 20 “An independent public authority which is established by a Member State pursuant to Article 51."
Which role in data protection is defined?
A) Controller
B) Processor
C) Supervisory authority
D) Third party
8 / 20 Which role in data protection determines the purposes and means of the processing of personal data?
A) Controller
B) Data Protection Officer
C) Processor
9 / 20 'Informed consent' is a lawful basis to process personal data under the GDPR. The purpose of the processing for which consent is given should be documented.
At what time in the process should the data subject's consent be obtained?
A) After the purpose specification is presented and before personal data is collected.
B) Before the purpose specification is conceived and presented.
C) Before the personal data is processed.
D) Before the personal data is published or disseminated.
10 / 20 The