PDPF Exam Dumps : Privacy and Data Protection Foundation

The numerous powers of the Supervisory Authority are divided into:

-Investigative powers;

-Correcting powers;

-Advisory and authorization powers.

The investigative powers provided for in Article 58, Paragraph 1 are:

a) To order the controller and the processor, and, where applicable, the controller’s or the processor’s representative to provide any information it requires for the performance of its tasks;

b)To carry out investigations in the form of data protection audits;

c)To carry out a review on certifications issued pursuant to Article 42(7);

d)To notify the controller or the processor of an alleged infringement of this Regulation;

e)To obtain, from the controller and the processor, access to all personal data and to all information necessary for the performance of its tasks;

f)To obtain access to any premises of the controller and the processor, including to any data processing equipment and means, in accordance with Union or Member State procedural law.

By applying the concept of least privilege to the personal data collected, stored or otherwise

processed. Incorrect. Data minimization does not address least privilege.

By limiting access rights to staff who need the personal data for the intended processing operations. Incorrect. This describes the concept of limiting authorization for instance to comply with the principle of integrity and confidentiality.

By limiting file sizes, through saving all personal data that is processed in the smallest possible format. Incorrect. Data minimization according to the GDPR is not about storage size, but about minimalizing the use of personal data.

By limiting the personal data to what is adequate, relevant and necessary for the processing purposes.

Correct. This is the essence of the description in the GDPR. (Literature: A, Chapter 2; GDPR Article 5(1)(c))