Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. PECB
  3. GDPR

PECB GDPR Exam (page: 3)
PECB Certified Data Protection Officer
Updated on: 25-Dec-2025

Viewing Page 3 of 17
GDPR PDF 80 Questions

Scenario 3:

COR Bank is an international banking group that operates in 31 countries. It was formed as the merger of two well-known investment banks in Germany. Their two main fields of business are retail and investment banking. COR Bank provides innovative solutions for services such as payments, cash management, savings, protection insurance, and real-estate services. COR Bank has a large number of clients and transactions. Therefore, they process large information, including clients' personal dat

  1. Some of the data from the application processes of COR Bank, including archived data, is operated by Tibko, an IT services company located in Canada. To ensure compliance with the GDPR, COR Bank and Tibko have reached a data processing agreement Based on the agreement, the purpose and conditions of data processing are determined by COR Bank. However, Tibko is allowed to make technical decisions for storing the data based on its own expertise. COR Bank aims to remain a trustworthy bank and a long-term partner for its clients. Therefore, they devote special attention to legal compliance. They started the implementation process of a GDPR compliance program in 2018.
    The first step was to analyze the existing resources and procedures. Lisa was appointed as the data protection officer (DPO). Being the information security manager of COR Bank for many years, Lisa had knowledge of the organization's core activities. She was previously involved in most of the processes related to information systems management and data protection. Lisa played a key role in achieving compliance to the GDPR by advising the company regarding data protection obligations and creating a data protection strategy. After obtaining evidence of the existing data protection policy, Lisa proposed to adapt the policy to specific requirements of GDPR. Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of GDPR.
    Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of departments. As the DPO, she had access to several departments, including HR and Accounting Department. This assured the organization that there was a continuous cooperation between them. The activities of some departments within COR Bank are closely related to data protection. Therefore, considering their expertise, Lisa was advised from the top management to take orders from the heads of those departments when taking decisions related to their field. Based on this scenario, answer the following Questio n:
    Questio n:
    Considering the GDPR's territorial scope and the data processing agreement between COR Bank and Tibko, which of the following best describes Tibko's obligations under the GDPR?
  2. Tibko's compliance with GDPR is limited to implementing technical safeguards for data storage, as stipulated by the data processing agreement with COR Bank.
  3. Tibko must adhere to all GDPR provisions independently, including determining the purpose of processing personal data, as a processor acting under COR Bank's authority.
  4. Tibko is required to comply with the GDPR because it processes personal data on behalf of COR Bank, and COR Bank determines the purpose of processing under their agreement.
  5. Tibko is not subject to GDPR since it is located outside the EU and only provides IT services.

Answer(s): C

Explanation:

Under Article 3(2) of GDPR, GDPR applies extraterritorially if an entity outside the EU processes personal data of EU residents on behalf of a controller subject to GDPR. Tibko processes COR Bank's client data, making it subject to GDPR as a processor under Article 28.

Option C is correct because Tibko must comply with GDPR since it processes EU data on behalf of COR Bank.

Option A is incorrect because processors must comply with broader GDPR obligations, not just technical safeguards.

Option B is incorrect because processors do not determine the purpose of processing; that is the controller's responsibility.

Option D is incorrect because location outside the EU does not exempt processors from GDPR obligations.


Reference:

GDPR Article 3(2) (Territorial Scope)

GDPR Article 28(1) (Processor obligations)

Recital 81 (Processor responsibilities)



Scenario 3:

COR Bank is an international banking group that operates in 31 countries. It was formed as the merger of two well-known investment banks in Germany. Their two main fields of business are retail and investment banking. COR Bank provides innovative solutions for services such as payments, cash management, savings, protection insurance, and real-estate services. COR Bank has a large number of clients and transactions. Therefore, they process large information, including clients' personal dat

  1. Some of the data from the application processes of COR Bank, including archived data, is operated by Tibko, an IT services company located in Canada. To ensure compliance with the GDPR, COR Bank and Tibko have reached a data processing agreement Based on the agreement, the purpose and conditions of data processing are determined by COR Bank. However, Tibko is allowed to make technical decisions for storing the data based on its own expertise. COR Bank aims to remain a trustworthy bank and a long-term partner for its clients. Therefore, they devote special attention to legal compliance. They started the implementation process of a GDPR compliance program in 2018.
    The first step was to analyze the existing resources and procedures. Lisa was appointed as the data protection officer (DPO). Being the information security manager of COR Bank for many years, Lisa had knowledge of the organization's core activities. She was previously involved in most of the processes related to information systems management and data protection. Lisa played a key role in achieving compliance to the GDPR by advising the company regarding data protection obligations and creating a data protection strategy. After obtaining evidence of the existing data protection policy, Lisa proposed to adapt the policy to specific requirements of GDPR. Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of GDPR.
    Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of departments. As the DPO, she had access to several departments, including HR and Accounting Department. This assured the organization that there was a continuous cooperation between them. The activities of some departments within COR Bank are closely related to data protection. Therefore, considering their expertise, Lisa was advised from the top management to take orders from the heads of those departments when taking decisions related to their field. Based on this scenario, answer the following Questio n:
    Questio n:
    According to scenario 3, Lisa was appointed as the Data Protection Officer (DPO) of COR Bank. Is this action in compliance with GDPR?
  2. Yes, the DPO may be a staff member of the controller or processor or fulfill the tasks based on a service contract.
  3. Yes, the DPO must be a staff member of the controller or processor in all cases when processing includes special categories of data.
  4. No, an external DPO must be contracted when personal data is collected or processed by an organization that is not established in the European Union.
  5. No, Lisa cannot be appointed as a DPO because she was already an information security officer.

Answer(s): A

Explanation:

Under Article 37(6) of GDPR, the DPO can be an employee of the company or an external contractor. Lisa's appointment complies with GDPR because she is a staff member with data protection expertise.

Option A is correct because GDPR allows organizations to appoint an internal or external DPO.

Option B is incorrect because a DPO does not have to be an internal staff member even for special categories of data.

Option C is incorrect because a company can appoint an internal DPO even if it operates internationally.

Option D is incorrect because having another role does not disqualify someone from being a DPO, as long as there is no conflict of interest.


Reference:

GDPR Article 37(6) (DPO may be an employee or external contractor)

Recital 97 (DPO qualifications and independence)



Scenario 3:

COR Bank is an international banking group that operates in 31 countries. It was formed as the merger of two well-known investment banks in Germany. Their two main fields of business are retail and investment banking. COR Bank provides innovative solutions for services such as payments, cash management, savings, protection insurance, and real-estate services. COR Bank has a large number of clients and transactions. Therefore, they process large information, including clients' personal dat

  1. Some of the data from the application processes of COR Bank, including archived data, is operated by Tibko, an IT services company located in Canada. To ensure compliance with the GDPR, COR Bank and Tibko have reached a data processing agreement Based on the agreement, the purpose and conditions of data processing are determined by COR Bank. However, Tibko is allowed to make technical decisions for storing the data based on its own expertise. COR Bank aims to remain a trustworthy bank and a long-term partner for its clients. Therefore, they devote special attention to legal compliance. They started the implementation process of a GDPR compliance program in 2018.
    The first step was to analyze the existing resources and procedures. Lisa was appointed as the data protection officer (DPO). Being the information security manager of COR Bank for many years, Lisa had knowledge of the organization's core activities. She was previously involved in most of the processes related to information systems management and data protection. Lisa played a key role in achieving compliance to the GDPR by advising the company regarding data protection obligations and creating a data protection strategy. After obtaining evidence of the existing data protection policy, Lisa proposed to adapt the policy to specific requirements of GDPR. Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of GDPR.
    Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of departments. As the DPO, she had access to several departments, including HR and Accounting Department. This assured the organization that there was a continuous cooperation between them. The activities of some departments within COR Bank are closely related to data protection. Therefore, considering their expertise, Lisa was advised from the top management to take orders from the heads of those departments when taking decisions related to their field. Based on this scenario, answer the following Questio n:
    Questio n:
    Lisa implemented the updates to the data protection policy. Is she responsible for this under GDPR?
  2. No, the DPO is only responsible for proposing changes and obtaining evidence regarding specific GDPR requirements in the policy.
  3. No, the DPO is responsible for monitoring compliance with GDPR but not for implementing the GDPR compliance policies.
  4. Yes, the DPO is responsible for implementing GDPR policies, procedures, and processes, as well as ensuring compliance.
  5. Yes, the DPO is responsible for all security-related tasks, including updating GDPR policies.

Answer(s): B

Explanation:

Under Article 39(1)(b) of GDPR, the DPO's role is advisory--they monitor compliance but do not actively implement policies.

Option B is correct because DPOs advise and monitor but do not execute policy updates.

Option A is incorrect because DPOs do more than just propose changes; they ensure compliance.

Option C is incorrect because implementation is the responsibility of the controller, not the DPO.

Option D is incorrect because DPOs do not handle general security responsibilities.


Reference:

GDPR Article 39(1)(b) (DPO's monitoring role)

Recital 97 (DPO's independence and advisory function)



Scenario 3:

COR Bank is an international banking group that operates in 31 countries. It was formed as the merger of two well-known investment banks in Germany. Their two main fields of business are retail and investment banking. COR Bank provides innovative solutions for services such as payments, cash management, savings, protection insurance, and real-estate services. COR Bank has a large number of clients and transactions. Therefore, they process large information, including clients' personal dat

  1. Some of the data from the application processes of COR Bank, including archived data, is operated by Tibko, an IT services company located in Canada. To ensure compliance with the GDPR, COR Bank and Tibko have reached a data processing agreement Based on the agreement, the purpose and conditions of data processing are determined by COR Bank. However, Tibko is allowed to make technical decisions for storing the data based on its own expertise. COR Bank aims to remain a trustworthy bank and a long-term partner for its clients. Therefore, they devote special attention to legal compliance. They started the implementation process of a GDPR compliance program in 2018.
    The first step was to analyze the existing resources and procedures. Lisa was appointed as the data protection officer (DPO). Being the information security manager of COR Bank for many years, Lisa had knowledge of the organization's core activities. She was previously involved in most of the processes related to information systems management and data protection. Lisa played a key role in achieving compliance to the GDPR by advising the company regarding data protection obligations and creating a data protection strategy. After obtaining evidence of the existing data protection policy, Lisa proposed to adapt the policy to specific requirements of GDPR. Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of GDPR.
    Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of departments. As the DPO, she had access to several departments, including HR and Accounting Department. This assured the organization that there was a continuous cooperation between them. The activities of some departments within COR Bank are closely related to data protection. Therefore, considering their expertise, Lisa was advised from the top management to take orders from the heads of those departments when taking decisions related to their field. Based on this scenario, answer the following Questio n:
    Questio n:
    According to scenario 3, Tibko stores archived data on behalf of COR Bank. This means that Tibko is a:
  2. Data controller, since they control some of the data from the application processes of COR Bank.
  3. Data processor, since they store COR Bank's data based on the purpose and conditions defined by COR Bank.
  4. Joint controller with COR Bank, since they archive COR Bank's data and take technical decisions regarding data protection.
  5. Independent controller, since Tibko handles data security and storage.

Answer(s): B

Explanation:

Under Article 4(8) of GDPR, a data processor processes personal data on behalf of a controller and does not determine the purpose of processing. Tibko only stores and manages data but does not decide why it is processed.

Option B is correct because Tibko acts as a processor for COR Bank.

Option A is incorrect because Tibko does not determine data processing purposes.

Option C is incorrect because joint controllers must jointly decide on processing purposes.

Option D is incorrect because Tibko does not act as an independent controller.


Reference:

GDPR Article 4(8) (Definition of a processor)

GDPR Article 28 (Processor obligations)



Scenario 3:

COR Bank is an international banking group that operates in 31 countries. It was formed as the merger of two well-known investment banks in Germany. Their two main fields of business are retail and investment banking. COR Bank provides innovative solutions for services such as payments, cash management, savings, protection insurance, and real-estate services. COR Bank has a large number of clients and transactions. Therefore, they process large information, including clients' personal dat

  1. Some of the data from the application processes of COR Bank, including archived data, is operated by Tibko, an IT services company located in Canada. To ensure compliance with the GDPR, COR Bank and Tibko have reached a data processing agreement Based on the agreement, the purpose and conditions of data processing are determined by COR Bank. However, Tibko is allowed to make technical decisions for storing the data based on its own expertise. COR Bank aims to remain a trustworthy bank and a long-term partner for its clients. Therefore, they devote special attention to legal compliance. They started the implementation process of a GDPR compliance program in 2018.
    The first step was to analyze the existing resources and procedures. Lisa was appointed as the data protection officer (DPO). Being the information security manager of COR Bank for many years, Lisa had knowledge of the organization's core activities. She was previously involved in most of the processes related to information systems management and data protection. Lisa played a key role in achieving compliance to the GDPR by advising the company regarding data protection obligations and creating a data protection strategy. After obtaining evidence of the existing data protection policy, Lisa proposed to adapt the policy to specific requirements of GDPR. Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of GDPR.
    Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of departments. As the DPO, she had access to several departments, including HR and Accounting Department. This assured the organization that there was a continuous cooperation between them. The activities of some departments within COR Bank are closely related to data protection. Therefore, considering their expertise, Lisa was advised from the top management to take orders from the heads of those departments when taking decisions related to their field. Based on this scenario, answer the following Questio n:
    Questio n:
    Based on scenario 3, Lisa was advised to take orders from the heads of other departments. Is this acceptable under GDPR?
  2. Yes, only heads of departments within a financial institution are allowed to give orders to the DPO.
  3. Yes, the DPO shall take instructions and tasks from employee members if required by the organization.
  4. No, the organization should not influence, nor put pressure on the DPO for any decision taken.
  5. Yes, the DPO is responsible for following management directives while ensuring GDPR compliance.

Answer(s): C

Explanation:

Under Article 38(3) of GDPR, the DPO must operate independently, without receiving instructions regarding the execution of their tasks. A DPO should not be pressured or influenced by the organization when assessing data protection compliance.

Option C is correct because GDPR explicitly states that DPOs must act independently.

Option A is incorrect because no department heads should interfere with the DPO's decisions.

Option B is incorrect because DPOs should not take orders on GDPR matters.

Option D is incorrect because DPOs must not be influenced by management, even if they provide general compliance guidance.


Reference:

GDPR Article 38(3) (DPO independence)

Recital 97 (DPO's autonomy and protection from pressure)



Viewing Page 3 of 17



Share your comments for PECB GDPR exam with other users:

Neo 7/26/2023 9:36:00 AM

are these brain dumps sufficient enough to go write exam after practicing them? or does one need more material this wont be enough?
SOUTH AFRICA


Bilal 8/22/2023 6:33:00 AM

i did attend the required cources and i need to be sure that i am ready to take the exam, i would ask you please to share the questions, to be sure that i am fit to proceed with taking the exam.
Anonymous


John 11/12/2023 8:48:00 PM

why only give explanations on some, and not all questions and their respective answers?
UNITED STATES


Biswa 11/20/2023 8:50:00 AM

refresh db knowledge
Anonymous


Shalini Sharma 10/17/2023 8:29:00 AM

interested for sap certification
JAPAN


ethan 9/24/2023 12:38:00 PM

could you please upload practice questions for scr exam ?
HONG KONG


vijay joshi 8/19/2023 3:15:00 AM

please upload free oracle cloud infrastructure 2023 foundations associate exam braindumps
Anonymous


Ayodele Talabi 8/25/2023 9:25:00 PM

sweating! they are tricky
CANADA


Romero 3/23/2022 4:20:00 PM

i never use these dumps sites but i had to do it for this exam as it is impossible to pass without using these question dumps.
UNITED STATES


John Kennedy 9/20/2023 3:33:00 AM

good practice and well sites.
Anonymous


Nenad 7/12/2022 11:05:00 PM

passed my first exam last week and pass the second exam this morning. thank you sir for all the help and these brian dumps.
INDIA


Lucky 10/31/2023 2:01:00 PM

does anyone who attended exam csa 8.8, can confirm these questions are really coming ? or these are just for practicing?
HONG KONG


Prateek 9/18/2023 11:13:00 AM

kindly share the dumps
UNITED STATES


Irfan 11/25/2023 1:26:00 AM

very nice content
Anonymous


php 6/16/2023 12:49:00 AM

passed today
Anonymous


Durga 6/23/2023 1:22:00 AM

hi can you please upload questions
Anonymous


JJ 5/28/2023 4:32:00 AM

please upload quetions
THAILAND


Norris 1/3/2023 8:06:00 PM

i passed my exam thanks to this braindumps questions. these questions are valid in us and i highly recommend it!
UNITED STATES


abuti 7/21/2023 6:10:00 PM

are they truely latest
Anonymous


Curtis Nakawaki 7/5/2023 8:46:00 PM

questions appear contemporary.
UNITED STATES


Vv 12/2/2023 6:31:00 AM

good to prepare in this site
UNITED STATES


praveenkumar 11/20/2023 11:57:00 AM

very helpful to crack first attempt
Anonymous


asad Raza 5/15/2023 5:38:00 AM

please upload this exam
CHINA


Reeta 7/17/2023 5:22:00 PM

please upload the c_activate22 dump questions with answer
SWEDEN


Wong 12/20/2023 11:34:00 AM

q10 - the answer should be a. if its c, the criteria will meet if either the prospect is not part of the suppression lists or if the job title contains vice president
MALAYSIA


david 12/12/2023 12:38:00 PM

this was on the exam as of 1211/2023
Anonymous


Tink 7/24/2023 9:23:00 AM

great for prep
GERMANY


Jaro 12/18/2023 3:12:00 PM

i think in question 7 the first answer should be power bi portal (not power bi)
Anonymous


9eagles 4/7/2023 10:04:00 AM

on question 10 and so far 2 wrong answers as evident in the included reference link.
Anonymous


Tai 8/28/2023 5:28:00 AM

wonderful material
SOUTH AFRICA


VoiceofMidnight 12/29/2023 4:48:00 PM

i passed!! ...but barely! got 728, but needed 720 to pass. the exam hit me with labs right out of the gate! then it went to multiple choice. protip: study the labs!
UNITED STATES


A K 8/3/2023 11:56:00 AM

correct answer for question 92 is c -aws shield
Anonymous


Nitin Mindhe 11/27/2023 6:12:00 AM

great !! it is really good
IRELAND


BailleyOne 11/22/2023 1:45:00 AM

explanations for the answers are to the point.
Anonymous