Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. PECB
  3. GDPR

PECB Certified Data Protection Officer GDPR Exam Questions in PDF

Free PECB GDPR Dumps Questions (page: 3)

GDPR PDF — 80 Questions

Scenario 3:

COR Bank is an international banking group that operates in 31 countries. It was formed as the merger of two well-known investment banks in Germany. Their two main fields of business are retail and investment banking. COR Bank provides innovative solutions for services such as payments, cash management, savings, protection insurance, and real-estate services. COR Bank has a large number of clients and transactions. Therefore, they process large information, including clients' personal dat

  1. Some of the data from the application processes of COR Bank, including archived data, is operated by Tibko, an IT services company located in Canada. To ensure compliance with the GDPR, COR Bank and Tibko have reached a data processing agreement Based on the agreement, the purpose and conditions of data processing are determined by COR Bank. However, Tibko is allowed to make technical decisions for storing the data based on its own expertise. COR Bank aims to remain a trustworthy bank and a long-term partner for its clients. Therefore, they devote special attention to legal compliance. They started the implementation process of a GDPR compliance program in 2018.
    The first step was to analyze the existing resources and procedures. Lisa was appointed as the data protection officer (DPO). Being the information security manager of COR Bank for many years, Lisa had knowledge of the organization's core activities. She was previously involved in most of the processes related to information systems management and data protection. Lisa played a key role in achieving compliance to the GDPR by advising the company regarding data protection obligations and creating a data protection strategy. After obtaining evidence of the existing data protection policy, Lisa proposed to adapt the policy to specific requirements of GDPR. Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of GDPR.
    Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of departments. As the DPO, she had access to several departments, including HR and Accounting Department. This assured the organization that there was a continuous cooperation between them. The activities of some departments within COR Bank are closely related to data protection. Therefore, considering their expertise, Lisa was advised from the top management to take orders from the heads of those departments when taking decisions related to their field. Based on this scenario, answer the following Questio n:
    Questio n:
    Considering the GDPR's territorial scope and the data processing agreement between COR Bank and Tibko, which of the following best describes Tibko's obligations under the GDPR?
  2. Tibko's compliance with GDPR is limited to implementing technical safeguards for data storage, as stipulated by the data processing agreement with COR Bank.
  3. Tibko must adhere to all GDPR provisions independently, including determining the purpose of processing personal data, as a processor acting under COR Bank's authority.
  4. Tibko is required to comply with the GDPR because it processes personal data on behalf of COR Bank, and COR Bank determines the purpose of processing under their agreement.
  5. Tibko is not subject to GDPR since it is located outside the EU and only provides IT services.

Answer(s): C

Explanation:

Under Article 3(2) of GDPR, GDPR applies extraterritorially if an entity outside the EU processes personal data of EU residents on behalf of a controller subject to GDPR. Tibko processes COR Bank's client data, making it subject to GDPR as a processor under Article 28.

Option C is correct because Tibko must comply with GDPR since it processes EU data on behalf of COR Bank.

Option A is incorrect because processors must comply with broader GDPR obligations, not just technical safeguards.

Option B is incorrect because processors do not determine the purpose of processing; that is the controller's responsibility.

Option D is incorrect because location outside the EU does not exempt processors from GDPR obligations.


Reference:

GDPR Article 3(2) (Territorial Scope)

GDPR Article 28(1) (Processor obligations)

Recital 81 (Processor responsibilities)



Scenario 3:

COR Bank is an international banking group that operates in 31 countries. It was formed as the merger of two well-known investment banks in Germany. Their two main fields of business are retail and investment banking. COR Bank provides innovative solutions for services such as payments, cash management, savings, protection insurance, and real-estate services. COR Bank has a large number of clients and transactions. Therefore, they process large information, including clients' personal dat

  1. Some of the data from the application processes of COR Bank, including archived data, is operated by Tibko, an IT services company located in Canada. To ensure compliance with the GDPR, COR Bank and Tibko have reached a data processing agreement Based on the agreement, the purpose and conditions of data processing are determined by COR Bank. However, Tibko is allowed to make technical decisions for storing the data based on its own expertise. COR Bank aims to remain a trustworthy bank and a long-term partner for its clients. Therefore, they devote special attention to legal compliance. They started the implementation process of a GDPR compliance program in 2018.
    The first step was to analyze the existing resources and procedures. Lisa was appointed as the data protection officer (DPO). Being the information security manager of COR Bank for many years, Lisa had knowledge of the organization's core activities. She was previously involved in most of the processes related to information systems management and data protection. Lisa played a key role in achieving compliance to the GDPR by advising the company regarding data protection obligations and creating a data protection strategy. After obtaining evidence of the existing data protection policy, Lisa proposed to adapt the policy to specific requirements of GDPR. Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of GDPR.
    Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of departments. As the DPO, she had access to several departments, including HR and Accounting Department. This assured the organization that there was a continuous cooperation between them. The activities of some departments within COR Bank are closely related to data protection. Therefore, considering their expertise, Lisa was advised from the top management to take orders from the heads of those departments when taking decisions related to their field. Based on this scenario, answer the following Questio n:
    Questio n:
    According to scenario 3, Lisa was appointed as the Data Protection Officer (DPO) of COR Bank. Is this action in compliance with GDPR?
  2. Yes, the DPO may be a staff member of the controller or processor or fulfill the tasks based on a service contract.
  3. Yes, the DPO must be a staff member of the controller or processor in all cases when processing includes special categories of data.
  4. No, an external DPO must be contracted when personal data is collected or processed by an organization that is not established in the European Union.
  5. No, Lisa cannot be appointed as a DPO because she was already an information security officer.

Answer(s): A

Explanation:

Under Article 37(6) of GDPR, the DPO can be an employee of the company or an external contractor. Lisa's appointment complies with GDPR because she is a staff member with data protection expertise.

Option A is correct because GDPR allows organizations to appoint an internal or external DPO.

Option B is incorrect because a DPO does not have to be an internal staff member even for special categories of data.

Option C is incorrect because a company can appoint an internal DPO even if it operates internationally.

Option D is incorrect because having another role does not disqualify someone from being a DPO, as long as there is no conflict of interest.


Reference:

GDPR Article 37(6) (DPO may be an employee or external contractor)

Recital 97 (DPO qualifications and independence)



Scenario 3:

COR Bank is an international banking group that operates in 31 countries. It was formed as the merger of two well-known investment banks in Germany. Their two main fields of business are retail and investment banking. COR Bank provides innovative solutions for services such as payments, cash management, savings, protection insurance, and real-estate services. COR Bank has a large number of clients and transactions. Therefore, they process large information, including clients' personal dat

  1. Some of the data from the application processes of COR Bank, including archived data, is operated by Tibko, an IT services company located in Canada. To ensure compliance with the GDPR, COR Bank and Tibko have reached a data processing agreement Based on the agreement, the purpose and conditions of data processing are determined by COR Bank. However, Tibko is allowed to make technical decisions for storing the data based on its own expertise. COR Bank aims to remain a trustworthy bank and a long-term partner for its clients. Therefore, they devote special attention to legal compliance. They started the implementation process of a GDPR compliance program in 2018.
    The first step was to analyze the existing resources and procedures. Lisa was appointed as the data protection officer (DPO). Being the information security manager of COR Bank for many years, Lisa had knowledge of the organization's core activities. She was previously involved in most of the processes related to information systems management and data protection. Lisa played a key role in achieving compliance to the GDPR by advising the company regarding data protection obligations and creating a data protection strategy. After obtaining evidence of the existing data protection policy, Lisa proposed to adapt the policy to specific requirements of GDPR. Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of GDPR.
    Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of departments. As the DPO, she had access to several departments, including HR and Accounting Department. This assured the organization that there was a continuous cooperation between them. The activities of some departments within COR Bank are closely related to data protection. Therefore, considering their expertise, Lisa was advised from the top management to take orders from the heads of those departments when taking decisions related to their field. Based on this scenario, answer the following Questio n:
    Questio n:
    Lisa implemented the updates to the data protection policy. Is she responsible for this under GDPR?
  2. No, the DPO is only responsible for proposing changes and obtaining evidence regarding specific GDPR requirements in the policy.
  3. No, the DPO is responsible for monitoring compliance with GDPR but not for implementing the GDPR compliance policies.
  4. Yes, the DPO is responsible for implementing GDPR policies, procedures, and processes, as well as ensuring compliance.
  5. Yes, the DPO is responsible for all security-related tasks, including updating GDPR policies.

Answer(s): B

Explanation:

Under Article 39(1)(b) of GDPR, the DPO's role is advisory--they monitor compliance but do not actively implement policies.

Option B is correct because DPOs advise and monitor but do not execute policy updates.

Option A is incorrect because DPOs do more than just propose changes; they ensure compliance.

Option C is incorrect because implementation is the responsibility of the controller, not the DPO.

Option D is incorrect because DPOs do not handle general security responsibilities.


Reference:

GDPR Article 39(1)(b) (DPO's monitoring role)

Recital 97 (DPO's independence and advisory function)



Scenario 3:

COR Bank is an international banking group that operates in 31 countries. It was formed as the merger of two well-known investment banks in Germany. Their two main fields of business are retail and investment banking. COR Bank provides innovative solutions for services such as payments, cash management, savings, protection insurance, and real-estate services. COR Bank has a large number of clients and transactions. Therefore, they process large information, including clients' personal dat

  1. Some of the data from the application processes of COR Bank, including archived data, is operated by Tibko, an IT services company located in Canada. To ensure compliance with the GDPR, COR Bank and Tibko have reached a data processing agreement Based on the agreement, the purpose and conditions of data processing are determined by COR Bank. However, Tibko is allowed to make technical decisions for storing the data based on its own expertise. COR Bank aims to remain a trustworthy bank and a long-term partner for its clients. Therefore, they devote special attention to legal compliance. They started the implementation process of a GDPR compliance program in 2018.
    The first step was to analyze the existing resources and procedures. Lisa was appointed as the data protection officer (DPO). Being the information security manager of COR Bank for many years, Lisa had knowledge of the organization's core activities. She was previously involved in most of the processes related to information systems management and data protection. Lisa played a key role in achieving compliance to the GDPR by advising the company regarding data protection obligations and creating a data protection strategy. After obtaining evidence of the existing data protection policy, Lisa proposed to adapt the policy to specific requirements of GDPR. Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of GDPR.
    Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of departments. As the DPO, she had access to several departments, including HR and Accounting Department. This assured the organization that there was a continuous cooperation between them. The activities of some departments within COR Bank are closely related to data protection. Therefore, considering their expertise, Lisa was advised from the top management to take orders from the heads of those departments when taking decisions related to their field. Based on this scenario, answer the following Questio n:
    Questio n:
    According to scenario 3, Tibko stores archived data on behalf of COR Bank. This means that Tibko is a:
  2. Data controller, since they control some of the data from the application processes of COR Bank.
  3. Data processor, since they store COR Bank's data based on the purpose and conditions defined by COR Bank.
  4. Joint controller with COR Bank, since they archive COR Bank's data and take technical decisions regarding data protection.
  5. Independent controller, since Tibko handles data security and storage.

Answer(s): B

Explanation:

Under Article 4(8) of GDPR, a data processor processes personal data on behalf of a controller and does not determine the purpose of processing. Tibko only stores and manages data but does not decide why it is processed.

Option B is correct because Tibko acts as a processor for COR Bank.

Option A is incorrect because Tibko does not determine data processing purposes.

Option C is incorrect because joint controllers must jointly decide on processing purposes.

Option D is incorrect because Tibko does not act as an independent controller.


Reference:

GDPR Article 4(8) (Definition of a processor)

GDPR Article 28 (Processor obligations)



Scenario 3:

COR Bank is an international banking group that operates in 31 countries. It was formed as the merger of two well-known investment banks in Germany. Their two main fields of business are retail and investment banking. COR Bank provides innovative solutions for services such as payments, cash management, savings, protection insurance, and real-estate services. COR Bank has a large number of clients and transactions. Therefore, they process large information, including clients' personal dat

  1. Some of the data from the application processes of COR Bank, including archived data, is operated by Tibko, an IT services company located in Canada. To ensure compliance with the GDPR, COR Bank and Tibko have reached a data processing agreement Based on the agreement, the purpose and conditions of data processing are determined by COR Bank. However, Tibko is allowed to make technical decisions for storing the data based on its own expertise. COR Bank aims to remain a trustworthy bank and a long-term partner for its clients. Therefore, they devote special attention to legal compliance. They started the implementation process of a GDPR compliance program in 2018.
    The first step was to analyze the existing resources and procedures. Lisa was appointed as the data protection officer (DPO). Being the information security manager of COR Bank for many years, Lisa had knowledge of the organization's core activities. She was previously involved in most of the processes related to information systems management and data protection. Lisa played a key role in achieving compliance to the GDPR by advising the company regarding data protection obligations and creating a data protection strategy. After obtaining evidence of the existing data protection policy, Lisa proposed to adapt the policy to specific requirements of GDPR. Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of GDPR.
    Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between processes of different departments within the organization, Lisa has constantly communicated with all heads of departments. As the DPO, she had access to several departments, including HR and Accounting Department. This assured the organization that there was a continuous cooperation between them. The activities of some departments within COR Bank are closely related to data protection. Therefore, considering their expertise, Lisa was advised from the top management to take orders from the heads of those departments when taking decisions related to their field. Based on this scenario, answer the following Questio n:
    Questio n:
    Based on scenario 3, Lisa was advised to take orders from the heads of other departments. Is this acceptable under GDPR?
  2. Yes, only heads of departments within a financial institution are allowed to give orders to the DPO.
  3. Yes, the DPO shall take instructions and tasks from employee members if required by the organization.
  4. No, the organization should not influence, nor put pressure on the DPO for any decision taken.
  5. Yes, the DPO is responsible for following management directives while ensuring GDPR compliance.

Answer(s): C

Explanation:

Under Article 38(3) of GDPR, the DPO must operate independently, without receiving instructions regarding the execution of their tasks. A DPO should not be pressured or influenced by the organization when assessing data protection compliance.

Option C is correct because GDPR explicitly states that DPOs must act independently.

Option A is incorrect because no department heads should interfere with the DPO's decisions.

Option B is incorrect because DPOs should not take orders on GDPR matters.

Option D is incorrect because DPOs must not be influenced by management, even if they provide general compliance guidance.


Reference:

GDPR Article 38(3) (DPO independence)

Recital 97 (DPO's autonomy and protection from pressure)



Viewing page 3 of 17

Share your comments for PECB GDPR exam with other users:

N
Naveed
8/28/2023 2:48:00 AM

good questions with simple explanation

UNITED STATES
C
cert
9/24/2023 4:53:00 PM

admin guide (windows) respond to malicious causality chains. when the cortex xdr agent identifies a remote network connection that attempts to perform malicious activity—such as encrypting endpoint files—the agent can automatically block the ip address to close all existing communication and block new connections from this ip address to the endpoint. when cortex xdrblocks an ip address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. you can view the list of all blocked ip addresses per endpoint from the action center, as well as unblock them to re-enable communication as appropriate. this module is supported with cortex xdr agent 7.3.0 and later. select the action mode to take when the cortex xdr agent detects remote malicious causality chains: enabled (default)—terminate connection and block ip address of the remote connection. disabled—do not block remote ip addresses. to allow specific and known s

Anonymous
Y
Yves
8/29/2023 8:46:00 PM

very inciting

Anonymous
M
Miguel
10/16/2023 11:18:00 AM

question 5, it seems a instead of d, because: - care plan = case - patient = person account - product = product2;

SPAIN
B
Byset
9/25/2023 12:49:00 AM

it look like real one

Anonymous
D
Debabrata Das
8/28/2023 8:42:00 AM

i am taking oracle fcc certification test next two days, pls share question dumps

Anonymous
N
nITA KALE
8/22/2023 1:57:00 AM

i need dumps

Anonymous
C
CV
9/9/2023 1:54:00 PM

its time to comptia sec+

GREECE
S
SkepticReader
8/1/2023 8:51:00 AM

question 35 has an answer for a different question. i believe the answer is "a" because it shut off the firewall. "0" in registry data means that its false (aka off).

UNITED STATES
N
Nabin
10/16/2023 4:58:00 AM

helpful content

MALAYSIA
B
Blessious Phiri
8/15/2023 3:19:00 PM

oracle 19c is complex db

Anonymous
S
Sreenivas
10/24/2023 12:59:00 AM

helpful for practice

Anonymous
L
Liz
9/11/2022 11:27:00 PM

support team is fast and deeply knowledgeable. i appreciate that a lot.

UNITED STATES
N
Namrata
7/15/2023 2:22:00 AM

helpful questions

Anonymous
L
lipsa
11/8/2023 12:54:00 PM

thanks for question

Anonymous
E
Eli
6/18/2023 11:27:00 PM

the software is provided for free so this is a big change. all other sites are charging for that. also that fucking examtopic site that says free is not free at all. you are hit with a pay-wall.

EUROPEAN UNION
O
open2exam
10/29/2023 1:14:00 PM

i need exam questions nca 6.5 any help please ?

Anonymous
G
Gerald
9/11/2023 12:22:00 PM

just took the comptia cybersecurity analyst (cysa+) - wished id seeing this before my exam

UNITED STATES
R
ryo
9/10/2023 2:27:00 PM

very helpful

MEXICO
J
Jamshed
6/20/2023 4:32:00 AM

i need this exam

PAKISTAN
R
Roberto Capra
6/14/2023 12:04:00 PM

nice questions... are these questions the same of the exam?

Anonymous
S
Synt
5/23/2023 9:33:00 PM

need to view

UNITED STATES
V
Vey
5/27/2023 12:06:00 AM

highly appreciate for your sharing.

CAMBODIA
T
Tshepang
8/18/2023 4:41:00 AM

kindly share this dump. thank you

Anonymous
J
Jay
9/26/2023 8:00:00 AM

link plz for download

UNITED STATES
L
Leo
10/30/2023 1:11:00 PM

data quality oecd

Anonymous
B
Blessious Phiri
8/13/2023 9:35:00 AM

rman is one good recovery technology

Anonymous
D
DiligentSam
9/30/2023 10:26:00 AM

need it thx

Anonymous
V
Vani
8/10/2023 8:11:00 PM

good questions

NEW ZEALAND
F
Fares
9/11/2023 5:00:00 AM

good one nice revision

Anonymous
L
Lingaraj
10/26/2023 1:27:00 AM

i love this thank you i need

Anonymous
M
Muhammad Rawish Siddiqui
12/5/2023 12:38:00 PM

question # 142: data governance is not one of the deliverables in the document and content management context diagram.

SAUDI ARABIA
A
al
6/7/2023 10:25:00 AM

most answers not correct here

Anonymous
B
Bano
1/19/2024 2:29:00 AM

what % of questions do we get in the real exam?

UNITED STATES
AI Tutor 👋 I’m here to help!