PDPF Exam Dumps : Privacy and Data Protection Foundation

The organization minimizes the risk of costly adjustments in processes or the redesign of systems in a later stage. Incorrect. This aspect may strengthen the confidence of management, but not of customers or citizens.

The organization prevents non-compliance with the GDPR and minimizes the risk of fines. Incorrect. Preventing fines may strengthen the confidence of management, but not of customers or citizens.

The organization proves that it takes privacy seriously and aims for compliance with the GDPR. Correct. Doing a DPIA shows customers or citizens that the company is serious about data protection. (Literature: A, Chapter 8)

As stated in the statement, Article 9 concerns the treatment of special categories of personal data, also called sensitive data.

This is a type of question that is often asked by EXIN. Important to remember which types of data are categorized as sensitive.

Article 9: Processing of special categories of personal data

1. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.

Examples of sensitive data: Race, skin color, family tree, political party, political party affiliation, religious beliefs, illness, test results, digital, facial recognition and sexual preference. These are just a few examples.

The GDPR has 173 recitals. The Recitals introduce a better understanding of the law and its articles. The Articles, which are 99 in total, contain the mandatory requirements of the law.