PDPF Exam Dumps : Privacy and Data Protection Foundation

In its Article 5, which deals with the Principles relating to the processing of personal data, paragraph 1, the GDPR describes:

1. Personal data shall be:

adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed

(«data minimisation»);

Article 5 mentions all GDPR principles for processing personal data.

The data minimization principle refers to the purpose of the law that only the data that is required for processing should be collected.

This is also favorable to businesses. The less data is collected, the less likely violations are to occur and consequently the impacts also decrease.

Another option says: “A server is attacked and exploited by a hacker”, however, here it does not provide information if that server contained personal data.

The other wrong option is: "Strategic company data is mistakenly shared". Strategic data is not personal data.

For these reasons, the correct option is “Personal data processed without the consent of the controller”. Note: even if the processor has a contract that authorizes the processing of personal data on behalf of the controller, it cannot perform any treatment to which it was not previously authorized, nor can it sub-process without the knowledge and consent of the controller.

Verify that the processor has sufficient security guarantees that are essential for the Controller to remain in

compliance with the GDPR. Remember that the responsibility is always of the controller who must take care of the data of the data subjects that have been entrusted to him.

Recital 81 mentions the following:

(81) To ensure compliance with the requirements of this Regulation in respect of the processing to be carried out by the processor on behalf of the controller, when entrusting a processor with processing activities, the controller should use only processors providing sufficient guarantees, in particular in terms of expert knowledge, reliability and resources, to implement technical and organizational measures which will meet the requirements of this Regulation, including for the security of processing. The adherence of the processor to an approved code of conduct or an approved certification mechanism may be used as an element to demonstrate compliance with the obligations of the controller.