BCS PDP9 BCS Practitioner Certificate in Data Protection Online Training
BCS PDP9 Online Training
The questions for PDP9 were last updated at Nov 19,2024.
- Exam Code: PDP9
- Exam Name: BCS Practitioner Certificate in Data Protection
- Certification Provider: BCS
- Latest update: Nov 19,2024
Who is entitled to a private life by law in the UK?
- A . All individuals.
- B . All individuals save for Members of Parliament
- C . Private individuals who do not conduct their business on public platforms (such as professional
sports people and actors - D . Nobody
When were data protection rights first introduced into UK law’?
- A . 2000 (Data Protection Act 1998)
- B . 1992 (Data Protection Act 1992).
- C . 1984 (Data Protection Act 1984).
- D . 2018 (Data Protection Act 2018)
A company has twenty retail outlets in France and thirty retail outlets in Belgium. The payroll department and the Data Protection Officer are based in Poland. The Company Board and administrative functions are based in Germany. Determine where the company’s ‘main establishment’ would be
- A . Belgium
- B . France
- C . Germany
- D . Poland
Under which circumstances can the ‘domestic purposes’ exemption be used to justify non-compliance with the Data Protection Act 2018?
A) An individual sells make up products for commission and uses social media to promote products to friends and family
B) A couple are planning their daughter’s wedding and use excel to store contact details and dietary needs of the guests
C) An individual employs a babysitter and stores her bank details in an encrypted document in order to make payments
D) A pansh council keeps a spreadsheet to manage bookings of the village hall, it contains only contact information and time slots
E) A group of students are arranging a house party and using social media to invite people that they do and do not know
- A . A, B, C, and E.
- B . B. C. D, and E
- C . B, and C
- D . A, B, C, and D
What is the meaning of storage limitation in relation to UK GDPR Article 5 (1)(e)?
- A . Keeping identifiable personal data for no longer than is necessary for the intended processing
- B . Storing data in a secure format only permitting access to those with a business need
- C . Only storing data in locations within the EU. except where there is an adequacy decision.
- D . Limiting the number of records stored in any single repository to minimise risk surface.
Which of the below would be the BEST example of processing that could utilise the Public Interest Task lawful basis?
- A . A health authority processing the personal information of its staff in order to record all training undertaken
- B . A debt collection agency processing information relating to unpaid fines for misuse of community council car parking.
- C . A local authority processing the personal information of the person responsible for paying council tax
- D . A tax authority drops cookies on the devices of visitors to its website
Article 9(2)(c) of UK GDPR condition of processing special category data in the vital interests of the data subject is only applicable in which of the following circumstances:
- A . When another lawful basis applies.
- B . When a data subject is incapacitated
- C . When the data subject is physically unable to be present
- D . When the data subject refuses to consent
What is the basis of the accountability and data governance obligation (Article 5 (2) of the GDPR)?
- A . The controller shall appoint a DPO before carrying out large scale processing
- B . The controller shall be responsible for. and be able to demonstrate compliance with the data protection principles.
- C . Controllers and Processors each have a responsibility to conduct legitimate interests balancing tests before processing data for direct marketing
- D . Processors have overarching responsibility to ensure their processing is compliant
Of the following options which is NOT a purpose of carrying out a Data Protection Impact Assessment (DPIA)?
- A . It is necessary to fulfil the requirement that all DPIAs are submitted to the ICO
- B . It is key to the accountability element of the GDPR.
- C . It fulfils a requirement that data protection is carried out by design and default.
- D . It assists in identifying the main risks that may exist in any use of data, so that they can be mitigated
You are a consulting Data Protection Officer (DPO) for a holiday resort You have been asked to conduct a Data Protection Impact Assessment (DPIA) for them in advance of adopting a new HR management database.
While working through the DPIA, which of the following is NOT a requirement?
- A . Describe the processing
- B . Sign off and record outcomes.
- C . Identify measures to mitigate the risks
- D . Publish any potential risks in your information notice.
Latest PDP9 Dumps Valid Version with 40 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
