GDPR Exam Dumps : PECB Certified Data Protection Officer

UnderArticle 82(2) of GDPR,processors can be held liablefor data breachesif they act outside or against the controller’s instructions. Processors mustcomply with the controller’s directivesor be held accountable.

Option B is correctbecauseprocessors are liable if they fail to follow the controller’s instructions.

Option A is incorrectbecauseprocessors do not take instructions directly from data subjects.

Option C is incorrectbecauseDPOs do not issue legally binding instructions to processors.

Option D is incorrectbecauseprocessors share liability under GDPR.

References:

GDPR Article 82(2)(Processor liability for non-compliance)

Recital 146(Joint liability between controllers and processors)

UnderArticle 35(3)(b) of GDPR, aDPIA is required for large-scale processing of sensitive data, includingmedical research on vulnerable individuals.

Option A is correctbecausemedical data and research involving vulnerable individuals require a DPIA.

Option B is incorrectbecauseencryption does not eliminate the need for a DPIA if the processing poses high risks.

Option C is incorrectbecausea general risk assessment does not replace a DPIAunderArticle 35.

Option D is incorrectbecauseretention period is not a deciding factor for DPIA necessity.

References:

GDPR Article 35(3)(b)(DPIA for special category data)

Recital 91(Risks to fundamental rights require DPIAs)

UnderArticle 70 of GDPR, theEDPB is responsible for ensuring consistency in GDPR application and advising the European Commissionon data protection matters.

Option B is correctbecausethe EDPB provides opinions and guidelines on GDPR implementation.

Option A is incorrectbecausesupervision and enforcement are the responsibility of national supervisory authorities, not the EDPB.

Option C is incorrectbecauseEU laws are adopted by the European Parliament and Council, not the EDPB.

Option D is incorrectbecausethe EDPB does not conduct audits; national data protection authorities do.

References:

GDPR Article 70(1)(b)(EDPB’s advisory role)

Recital 139(EDPB ensures consistency in GDPR application)