CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. BCS
  5. PDP9

Free PDP9 Exam Braindumps (page: 2)

Page 1 of 11
PDF with 40 Questions

Who is entitled to a private life by law in the UK?

  1. All individuals.
  2. All individuals save for Members of Parliament
  3. Private individuals who do not conduct their business on public platforms (such as professional sports people and actors
  4. Nobody

Answer(s): A

Explanation:

The right to a private life is a fundamental human right that is protected by law in the UK. Article 8 of the European Convention on Human Rights (ECHR), which is incorporated into UK law by the Human Rights Act 1998, states that "Everyone has the right to respect for his private and family life, his home and his correspondence". This right applies to all individuals, regardless of their status, profession, or public exposure. The right to a private life covers aspects such as personal identity, personal relationships, physical and mental well-being, personal data, and correspondence. However, this right is not absolute and can be limited or interfered with by the state or other parties in certain circumstances, such as for the protection of national security, public safety, health, morals, or the rights and freedoms of others.


Reference:

Article 8 of the ECHR
Human Rights Act 1998
ICO Guide to Data Protection



When were data protection rights first introduced into UK law'?

  1. 2000 (Data Protection Act 1998)
  2. 1992 (Data Protection Act 1992).
  3. 1984 (Data Protection Act 1984).
  4. 2018 (Data Protection Act 2018)

Answer(s): C

Explanation:

Data protection rights were first introduced into UK law by the Data Protection Act 1984, which was enacted to implement the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data of 1981. The Data Protection Act 1984 established a set of principles for the processing of personal data by data users, such as obtaining consent, ensuring accuracy, and limiting retention. It also created a system of registration for data users and a Data Protection Registrar (later renamed as the Information Commissioner) to oversee and enforce the law. The Data Protection Act 1984 was replaced by the Data Protection Act 1998, which transposed the EU Data Protection Directive 1995 into UK law and extended the scope of data protection to cover manual as well as automated processing of personal data. The Data Protection Act 1998 was further amended by the Data Protection Act 2018, which incorporated the EU General Data Protection Regulation (GDPR) and the Law Enforcement Directive into UK law and made provisions for specific processing situations, such as national security, immigration, and journalism.


Reference:

Data Protection Act 1984
Council of Europe Convention 108
Data Protection Act 1998
Data Protection Act 2018



A company has twenty retail outlets in France and thirty retail outlets in Belgium The payroll department and the Data Protection Officer are based in Poland. The Company Board and administrative functions are based in Germany. Determine where the company's 'main establishment' would be

  1. Belgium
  2. France
  3. Germany
  4. Poland

Answer(s): C

Explanation:

The main establishment of a controller or a processor in the EU is the place where the decisions on the purposes and means of the processing of personal data are taken and implemented. According to Recital 36 of the GDPR, the main establishment of a controller with establishments in more than one Member State should be the place of its central administration in the EU, unless the decisions on the processing are taken in another establishment of the controller in the EU and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions should be considered to be the main establishment. Similarly, the main establishment of a processor with establishments in more than one Member State should be the place of its central administration in the EU, or, if the processor has no central administration in the EU, the establishment of the processor in the EU where the main processing activities take place to the extent that the processor is subject to specific obligations under the GDPR. The main establishment is relevant for determining the lead supervisory authority, the applicable law, and the jurisdiction of the courts for cross-border processing of personal data. In this case, the company's main establishment would be Germany, as it is the place where the company board and administrative functions are based and where the decisions on the processing of personal data are likely to be taken and implemented.


Reference:

Recital 36 of the GDPR
Article 4(16) of the GDPR
Article 56 of the GDPR



Under which circumstances can the 'domestic purposes' exemption be used to justify non- compliance with the Data Protection Act 2018?
A) An individual sells make up products for commission and uses social media to promote products to friends and family
B) A couple are planning their daughter's wedding and use excel to store contact details and dietary needs of the guests
C) An individual employs a babysitter and stores her bank details in an encrypted document in order to make payments
D) A pansh council keeps a spreadsheet to manage bookings of the village hall, it contains only contact information and time slots
E) A group of students are arranging a house party and using social media to invite people that they do and do not know

  1. A, B, C, and E
  2. B, C, D, and E
  3. B, and C
  4. A, B,C, and D

Answer(s): C

Explanation:

The domestic purposes exemption applies to personal data processed by an individual only for the purposes of their personal, family or household affairs. This means that the processing has no connection to any professional or commercial activity. Examples of such processing include writing to friends and family, taking pictures for personal enjoyment, or keeping an address book. However, the exemption does not apply if the individual processes personal data outside the reasonable expectations of the data subject, or if the processing causes unwarranted harm to the data subject's interests. Therefore, the exemption can be used to justify non-compliance with the Data Protection Act 2018 in scenarios B and C, where the processing is purely personal and does not affect the rights and freedoms of others. However, the exemption cannot be used in scenarios A, D and E, where the processing has a professional or commercial element, or involves sharing personal data with third parties without consent or legitimate interest.


Reference:

Data Protection Act 2018, Schedule 2, Part 1, Paragraph 21 ICO Guide to Data Protection, Domestic Purposes
ICO Guide to Data Protection, Exemptions






Post your Comments and Discuss BCS PDP9 exam with other Community members:

PDP9 Discussions & Posts