Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. PECB
  3. GDPR

PECB Certified Data Protection Officer GDPR Exam Questions in PDF

Free PECB GDPR Dumps Questions (page: 1)

GDPR PDF — 80 Questions

Scenario 1:

MED is a healthcare provider located in Norway. It provides high-quality and affordable healthcare services, including disease prevention, diagnosis, and treatment. Founded in 1995, MED is one of the largest health organizations in the private sector. The company has constantly evolved in response to patients' needs.

Patients that schedule an appointment in MED's medical centers initially need to provide their personal information, including name, surname, address, phone number, and date of birth. Further checkups or admission require additional information, including previous medical history and genetic dat

  1. When providing their personal data, patients are informed that the data is used for personalizing treatments and improving communication with MED's doctors. Medical data of patients, including children, are stored in the database of MED's health information system. MED allows patients who are at least 16 years old to use the system and provide their personal information independently. For children below the age of 16, MED requires consent from the holder of parental responsibility before processing their data.
    MED uses a cloud-based application that allows patients and doctors to upload and access information. Patients can save all personal medical data, including test results, doctor visits, diagnosis history, and medicine prescriptions, as well as review and track them at any time. Doctors, on the other hand, can access their patients' data through the application and can add information as needed.
    Patients who decide to continue their treatment at another health institution can request MED to transfer their data. However, even if patients decide to continue their treatment elsewhere, their personal data is still used by MED. Patients' requests to stop data processing are rejected. This decision was made by MED's top management to retain the information of everyone registered in their databases.
    The company also shares medical data with InsHealth, a health insurance company. MED's data helps InsHealth create health insurance plans that meet the needs of individuals and families.
    MED believes that it is its responsibility to ensure the security and accuracy of patients' personal data. Based on the identified risks associated with data processing activities, MED has implemented appropriate security measures to ensure that data is securely stored and processed.
    Since personal data of patients is stored and transmitted over the internet, MED uses encryption to avoid unauthorized processing, accidental loss, or destruction of data. The company has established a security policy to define the levels of protection required for each type of information and processing activity. MED has communicated the policy and other procedures to personnel and provided customized training to ensure proper handling of data processing.
    Questio n:
    If a patient requests MED to permanently erase their data, MED should:
  2. Reject the request since the medical history of patients cannot be permanently erased.
  3. Erase the personal data if it is no longer needed for its original purpose.
  4. Erase the personal data only if required to comply with a legal obligation.
  5. Refuse the request because medical data must be retained indefinitely for future reference.

Answer(s): B

Explanation:

Under Article 17 of the General Data Protection Regulation (GDPR), also known as the "Right to be Forgotten," data subjects have the right to request the erasure of their personal data when:

The data is no longer necessary for the purpose for which it was collected.

The data subject withdraws consent (where processing was based on consent).

The data was processed unlawfully.

In this scenario, if the data is no longer necessary for the original purpose (e.g., if the patient has completed their treatment and there are no legal retention obligations), MED should erase the data. However, there are exceptions under GDPR, such as legal retention requirements for medical records under national healthcare regulations.

Rejecting the request outright (Option A) is incorrect because GDPR requires controllers to assess whether retention is still necessary. Similarly, Option C is too restrictive because GDPR allows deletion even if no legal obligation mandates it. Option D is incorrect because indefinite retention is not permitted unless a valid justification exists.


Reference:

GDPR Article 17 (Right to Erasure)

Recital 65 (Clarification on when personal data can be erased)

Article 5(1)(e) (Storage limitation principle)



Scenario 1:

MED is a healthcare provider located in Norway. It provides high-quality and affordable healthcare services, including disease prevention, diagnosis, and treatment. Founded in 1995, MED is one of the largest health organizations in the private sector. The company has constantly evolved in response to patients' needs.
Patients that schedule an appointment in MED's medical centers initially need to provide their personal information, including name, surname, address, phone number, and date of birth. Further checkups or admission require additional information, including previous medical history and genetic dat

  1. When providing their personal data, patients are informed that the data is used for personalizing treatments and improving communication with MED's doctors. Medical data of patients, including children, are stored in the database of MED's health information system. MED allows patients who are at least 16 years old to use the system and provide their personal information independently. For children below the age of 16, MED requires consent from the holder of parental responsibility before processing their data.
    MED uses a cloud-based application that allows patients and doctors to upload and access information. Patients can save all personal medical data, including test results, doctor visits, diagnosis history, and medicine prescriptions, as well as review and track them at any time. Doctors, on the other hand, can access their patients' data through the application and can add information as needed.
    Patients who decide to continue their treatment at another health institution can request MED to transfer their data. However, even if patients decide to continue their treatment elsewhere, their personal data is still used by MED. Patients' requests to stop data processing are rejected. This decision was made by MED's top management to retain the information of everyone registered in their databases.
    The company also shares medical data with InsHealth, a health insurance company. MED's data helps InsHealth create health insurance plans that meet the needs of individuals and families.
    MED believes that it is its responsibility to ensure the security and accuracy of patients' personal data. Based on the identified risks associated with data processing activities, MED has implemented appropriate security measures to ensure that data is securely stored and processed.
    Since personal data of patients is stored and transmitted over the internet, MED uses encryption to avoid unauthorized processing, accidental loss, or destruction of data. The company has established a security policy to define the levels of protection required for each type of information and processing activity. MED has communicated the policy and other procedures to personnel and provided customized training to ensure proper handling of data processing.
    Questio n:
    Based on scenario 1, is the processing of children's personal data performed by MED in compliance with GDPR?
  2. No, the processing of personal data of children below the age of 16 years is not in compliance with the GDPR, even if parental consent is provided.
  3. Yes, the processing of children's personal data below the age of 16 years with parental consent is in compliance with GDPR.
  4. No, MED must obtain explicit consent from the child, regardless of parental consent, for the processing to be in compliance with GDPR.
  5. Yes, as long as the processing is conducted with industry-standard encryption.

Answer(s): B

Explanation:

Under Article 8 of the GDPR, the processing of personal data of children under 16 years is only lawful if parental or guardian consent is obtained. However, Member States can lower the age limit to 13 years if they choose.

In this scenario, MED requires parental consent for children below 16 years, which aligns with GDPR requirements. Therefore, Option B is correct. Option A is incorrect because GDPR allows parental consent. Option C is incorrect because GDPR does not require explicit consent from the child when parental consent is given. Option D is incorrect because encryption alone does not determine compliance.


Reference:

GDPR Article 8 (Conditions for children's consent)

Recital 38 (Protection of children's data)



Scenario 1:

MED is a healthcare provider located in Norway. It provides high-quality and affordable healthcare services, including disease prevention, diagnosis, and treatment. Founded in 1995, MED is one of the largest health organizations in the private sector. The company has constantly evolved in response to patients' needs.

Patients that schedule an appointment in MED's medical centers initially need to provide their personal information, including name, surname, address, phone number, and date of birth. Further checkups or admission require additional information, including previous medical history and genetic dat

  1. When providing their personal data, patients are informed that the data is used for personalizing treatments and improving communication with MED's doctors. Medical data of patients, including children, are stored in the database of MED's health information system. MED allows patients who are at least 16 years old to use the system and provide their personal information independently. For children below the age of 16, MED requires consent from the holder of parental responsibility before processing their data.
    MED uses a cloud-based application that allows patients and doctors to upload and access information. Patients can save all personal medical data, including test results, doctor visits, diagnosis history, and medicine prescriptions, as well as review and track them at any time. Doctors, on the other hand, can access their patients' data through the application and can add information as needed.
    Patients who decide to continue their treatment at another health institution can request MED to transfer their data. However, even if patients decide to continue their treatment elsewhere, their personal data is still used by MED. Patients' requests to stop data processing are rejected. This decision was made by MED's top management to retain the information of everyone registered in their databases.
    The company also shares medical data with InsHealth, a health insurance company. MED's data helps InsHealth create health insurance plans that meet the needs of individuals and families.
    MED believes that it is its responsibility to ensure the security and accuracy of patients' personal data. Based on the identified risks associated with data processing activities, MED has implemented appropriate security measures to ensure that data is securely stored and processed.
    Since personal data of patients is stored and transmitted over the internet, MED uses encryption to avoid unauthorized processing, accidental loss, or destruction of data. The company has established a security policy to define the levels of protection required for each type of information and processing activity. MED has communicated the policy and other procedures to personnel and provided customized training to ensure proper handling of data processing.
    Questio n:
    Considering the nature of data processing activities described in scenario 1, is GDPR applicable to MED?
  2. Yes, GDPR is applicable to MED due to its processing activities involving personal information.
  3. Yes, MED's use of cloud-based software to store and process health-related information necessitates compliance with GDPR's data protection requirements.
  4. No, MED's activities include healthcare services within one of the four EFTA states, which do not fall under the scope of GDPR.
  5. No, because MED operates only in Norway, and GDPR does not apply to domestic processing.

Answer(s): A

Explanation:

GDPR applies to any organization that processes personal data of individuals within the European Economic Area (EEA), regardless of the organization's location. Since MED is based in Norway, which is an EEA country, and processes personal health data, it must comply with GDPR.

Option A is correct because GDPR applies to all controllers and processors within the EEA. Option B is misleading because while cloud-based software is relevant, the primary reason GDPR applies is MED's processing of personal data. Option C is incorrect because EFTA states (including Norway) are subject to GDPR. Option D is incorrect because GDPR applies to all personal data processing in the EEA.


Reference:

GDPR Article 3 (Territorial Scope)

Recital 22 (GDPR applies to EEA countries)



Scenario 1:

MED is a healthcare provider located in Norway. It provides high-quality and affordable healthcare services, including disease prevention, diagnosis, and treatment. Founded in 1995, MED is one of the largest health organizations in the private sector. The company has constantly evolved in response to patients' needs.

Patients that schedule an appointment in MED's medical centers initially need to provide their personal information, including name, surname, address, phone number, and date of birth. Further checkups or admission require additional information, including previous medical history and genetic dat

  1. When providing their personal data, patients are informed that the data is used for personalizing treatments and improving communication with MED's doctors. Medical data of patients, including children, are stored in the database of MED's health information system. MED allows patients who are at least 16 years old to use the system and provide their personal information independently. For children below the age of 16, MED requires consent from the holder of parental responsibility before processing their data.
    MED uses a cloud-based application that allows patients and doctors to upload and access information. Patients can save all personal medical data, including test results, doctor visits, diagnosis history, and medicine prescriptions, as well as review and track them at any time. Doctors, on the other hand, can access their patients' data through the application and can add information as needed.
    Patients who decide to continue their treatment at another health institution can request MED to transfer their data. However, even if patients decide to continue their treatment elsewhere, their personal data is still used by MED. Patients' requests to stop data processing are rejected. This decision was made by MED's top management to retain the information of everyone registered in their databases.
    The company also shares medical data with InsHealth, a health insurance company. MED's data helps InsHealth create health insurance plans that meet the needs of individuals and families.
    MED believes that it is its responsibility to ensure the security and accuracy of patients' personal data. Based on the identified risks associated with data processing activities, MED has implemented appropriate security measures to ensure that data is securely stored and processed.
    Since personal data of patients is stored and transmitted over the internet, MED uses encryption to avoid unauthorized processing, accidental loss, or destruction of data. The company has established a security policy to define the levels of protection required for each type of information and processing activity. MED has communicated the policy and other procedures to personnel and provided customized training to ensure proper handling of data processing.

    Questio n:
    Based on scenario 1, MED shares patients' personal data with a health insurance company. Does MED comply with the purpose limitation principle?
  2. Yes, personal data may be used for purposes in the public interest or statistical purposes in accordance with Article 89 of GDPR.
  3. Yes, using personal data for creating health insurance plans is within the scope of the data collection purpose.
  4. No, personal data should be collected for specified, explicit, and legitimate purposes in accordance with Article 5 of GDPR.
  5. Yes, as long as the data is encrypted before sharing.

Answer(s): C

Explanation:

Under Article 5(1)(b) of GDPR, personal data must be collected for specific, explicit, and legitimate purposes and cannot be further processed in a manner incompatible with those purposes. Sharing medical data with an insurance company is a separate purpose and requires explicit consent or another lawful basis.


Reference:

GDPR Article 5(1)(b) (Purpose limitation)



Scenario 1:

MED is a healthcare provider located in Norway. It provides high-quality and affordable healthcare services, including disease prevention, diagnosis, and treatment. Founded in 1995, MED is one of the largest health organizations in the private sector. The company has constantly evolved in response to patients' needs.

Patients that schedule an appointment in MED's medical centers initially need to provide their personal information, including name, surname, address, phone number, and date of birth. Further checkups or admission require additional information, including previous medical history and genetic dat

  1. When providing their personal data, patients are informed that the data is used for personalizing treatments and improving communication with MED's doctors. Medical data of patients, including children, are stored in the database of MED's health information system. MED allows patients who are at least 16 years old to use the system and provide their personal information independently. For children below the age of 16, MED requires consent from the holder of parental responsibility before processing their data.
    MED uses a cloud-based application that allows patients and doctors to upload and access information. Patients can save all personal medical data, including test results, doctor visits, diagnosis history, and medicine prescriptions, as well as review and track them at any time. Doctors, on the other hand, can access their patients' data through the application and can add information as needed.
    Patients who decide to continue their treatment at another health institution can request MED to transfer their data. However, even if patients decide to continue their treatment elsewhere, their personal data is still used by MED. Patients' requests to stop data processing are rejected. This decision was made by MED's top management to retain the information of everyone registered in their databases.
    The company also shares medical data with InsHealth, a health insurance company. MED's data helps InsHealth create health insurance plans that meet the needs of individuals and families.
    MED believes that it is its responsibility to ensure the security and accuracy of patients' personal data. Based on the identified risks associated with data processing activities, MED has implemented appropriate security measures to ensure that data is securely stored and processed.
    Since personal data of patients is stored and transmitted over the internet, MED uses encryption to avoid unauthorized processing, accidental loss, or destruction of data. The company has established a security policy to define the levels of protection required for each type of information and processing activity. MED has communicated the policy and other procedures to personnel and provided customized training to ensure proper handling of data processing.

    Questio n:
    Based on scenario 1, which data subject right is NOT guaranteed by MED?
  2. Right to be informed
  3. Right to restriction of processing
  4. Right to data portability
  5. Right to rectification

Answer(s): B

Explanation:

Under Article 18 of GDPR, the right to restriction of processing allows data subjects to request that processing of their personal data be limited under certain conditions, such as when accuracy is contested or processing is unlawful but the data subject opposes erasure.

From the scenario, MED does not provide the option to restrict processing, as patients who request to stop processing are denied. This makes Option B correct. Option A is incorrect because MED does inform patients about data collection purposes. Option C is incorrect because medical data could be transferred to other institutions. Option D is incorrect because rectification of inaccurate data is a standard obligation.


Reference:

GDPR Article 18 (Right to restriction of processing)

GDPR Article 12 (Transparent communication with data subjects)



Viewing page 1 of 17

Share your comments for PECB GDPR exam with other users:

S
SuckerPumch88
4/25/2022 10:24:00 AM

the questions are exactly the same in real exam. just make sure not to answer all them correct or else they suspect you are cheating.

UNITED STATES
S
soheib
7/24/2023 7:05:00 PM

question: 78 the right answer i think is d not a

Anonymous
S
srija
8/14/2023 8:53:00 AM

very helpful

EUROPEAN UNION
T
Thembelani
5/30/2023 2:17:00 AM

i am writing this exam tomorrow and have dumps

Anonymous
A
Anita
10/1/2023 4:11:00 PM

can i have the icdl excel exam

Anonymous
B
Ben
9/9/2023 7:35:00 AM

please upload it

Anonymous
A
anonymous
9/20/2023 11:27:00 PM

hye when will post again the past year question for this h13-311_v3 part since i have to for my test tommorow…thank you very much

Anonymous
R
Randall
9/28/2023 8:25:00 PM

on question 22, option b-once per session is also valid.

Anonymous
T
Tshegofatso
8/28/2023 11:51:00 AM

this website is very helpful

SOUTH AFRICA
P
philly
9/18/2023 2:40:00 PM

its my first time exam

SOUTH AFRICA
B
Beexam
9/4/2023 9:06:00 PM

correct answers are device configuration-enable the automatic installation of webview2 runtime. & policy management- prevent users from submitting feedback.

NEW ZEALAND
R
RAWI
7/9/2023 4:54:00 AM

is this dump still valid? today is 9-july-2023

SWEDEN
A
Annie
6/7/2023 3:46:00 AM

i need this exam.. please upload these are really helpful

PAKISTAN
S
Shubhra Rathi
8/26/2023 1:08:00 PM

please upload the oracle 1z0-1059-22 dumps

Anonymous
S
Shiji
10/15/2023 1:34:00 PM

very good questions

INDIA
R
Rita Rony
11/27/2023 1:36:00 PM

nice, first step to exams

Anonymous
A
Aloke Paul
9/11/2023 6:53:00 AM

is this valid for chfiv9 as well... as i am reker 3rd time...

CHINA
C
Calbert Francis
1/15/2024 8:19:00 PM

great exam for people taking 220-1101

UNITED STATES
A
Ayushi Baria
11/7/2023 7:44:00 AM

this is very helpfull for me

Anonymous
A
alma
8/25/2023 1:20:00 PM

just started preparing for the exam

UNITED KINGDOM
C
CW
7/10/2023 6:46:00 PM

these are the type of questions i need.

UNITED STATES
N
Nobody
8/30/2023 9:54:00 PM

does this actually work? are they the exam questions and answers word for word?

Anonymous
S
Salah
7/23/2023 9:46:00 AM

thanks for providing these questions

Anonymous
R
Ritu
9/15/2023 5:55:00 AM

interesting

CANADA
R
Ron
5/30/2023 8:33:00 AM

these dumps are pretty good.

Anonymous
S
Sowl
8/10/2023 6:22:00 PM

good questions

UNITED STATES
B
Blessious Phiri
8/15/2023 2:02:00 PM

dbua is used for upgrading oracle database

Anonymous
R
Richard
10/24/2023 6:12:00 AM

i am thrilled to say that i passed my amazon web services mls-c01 exam, thanks to study materials. they were comprehensive and well-structured, making my preparation efficient.

Anonymous
J
Janjua
5/22/2023 3:31:00 PM

please upload latest ibm ace c1000-056 dumps

GERMANY
M
Matt
12/30/2023 11:18:00 AM

if only explanations were provided...

FRANCE
R
Rasha
6/29/2023 8:23:00 PM

yes .. i need the dump if you can help me

Anonymous
A
Anonymous
7/25/2023 8:05:00 AM

good morning, could you please upload this exam again?

SPAIN
A
AJ
9/24/2023 9:32:00 AM

hi please upload sre foundation and practitioner exam questions

Anonymous
P
peter parker
8/10/2023 10:59:00 AM

the exam is listed as 80 questions with a pass mark of 70%, how is your 50 questions related?

Anonymous
AI Tutor 👋 I’m here to help!