GDPR Exam Dumps : PECB Certified Data Protection Officer

UnderArticle 70 of GDPR, theEDPB is responsible for ensuring consistency in GDPR application and advising the European Commissionon data protection matters.

Option B is correctbecausethe EDPB provides opinions and guidelines on GDPR implementation.

Option A is incorrectbecausesupervision and enforcement are the responsibility of national supervisory authorities, not the EDPB.

Option C is incorrectbecauseEU laws are adopted by the European Parliament and Council, not the EDPB.

Option D is incorrectbecausethe EDPB does not conduct audits; national data protection authorities do.

References:

GDPR Article 70(1)(b)(EDPB’s advisory role)

Recital 139(EDPB ensures consistency in GDPR application)

UnderArticle 30 of GDPR, controllers and processorsmust maintain a record of processing activities (ROPA). Whenever changes occurin the way personal data is processed(such as a transfer to cloud storage), theDPO must ensure these changes are recorded in the processing register.

Option B is correctbecause theDPO must ensure the data processing register is updated to reflect the new storage method.

Option A is incorrectbecausestorage changes do not require new consent unless the purpose of processing has changed.

Option C is incorrectbecause whileassessing security measures is important, it is not theprimary dutyrelated to the data processing register.

Option D is incorrectbecausenot all processing changes require notifying the supervisory authorityunless they introduce high riskswithout proper safeguards.

References:

GDPR Article 30(1)(g)(Controllers must maintain updated processing records)

Recital 82(Controllers should document changes in processing activities)

UnderArticle 82(2) of GDPR,processors can be held liablefor data breachesif they act outside or against the controller’s instructions. Processors mustcomply with the controller’s directivesor be held accountable.

Option B is correctbecauseprocessors are liable if they fail to follow the controller’s instructions.

Option A is incorrectbecauseprocessors do not take instructions directly from data subjects.

Option C is incorrectbecauseDPOs do not issue legally binding instructions to processors.

Option D is incorrectbecauseprocessors share liability under GDPR.

References:

GDPR Article 82(2)(Processor liability for non-compliance)

Recital 146(Joint liability between controllers and processors)