PECB Related Exams
GDPR Exam
Scenario:
ChatBubbleis a software company that stores personal data, includingusernames, emails, and passwords. Last month, an attacker gained access to ChatBubble’s system, but the personal datawas encrypted, preventing unauthorized access.
Question:
Should thedata subjects be notifiedin this case?
Scenario:
Aclinical research organizationcollects and processessensitive personal dataof individuals formedical research purposes. The data isencrypted and stored in a central database using a one-way hashing function (bcrypt). The organization conducted arisk assessmentto identify andmitigate risks.
Question:
Should aDPIA be conductedin this case?
Scenario:
An organization has been using astorage transfer serviceto importmarket-sensitive data, includingemail addresses and contact details, into acloud storage system. This change has affected theregistration processand has helped the organizationappropriately collect and store data.
Question:
Based on this scenario, what should theDPO monitorin the data processing register?