Free PDP9 Exam Braindumps (page: 3)


What is the meaning of storage limitation in relation to UK GDPR Article 5(1)(e)?

  A. Keeping identifiable personal data for no longer than is necessary for the intended processing
  B. Storing data in a secure format only permitting access to those with a business need
  C. Only storing data in locations within the EU, except where there is an adequacy decision.
  D. Limiting the number of records stored in any single repository to minimise risk surface.

Answer(s): A

Explanation:

Storage limitation is one of the principles of data protection under the UK GDPR. It means that personal data should not be kept in a form that allows identification of data subjects for longer than is necessary for the purposes for which the data are processed. The UK GDPR does not specify any fixed time limits for different types of data, but rather requires data controllers to determine and justify the appropriate retention periods for their processing activities, taking into account factors such as the nature, scope, context and purposes of the processing, the risks to the rights and freedoms of data subjects, and the legal obligations and expectations of the data controller. Data controllers should also have a policy setting out standard retention periods where possible, and review the data they hold regularly to ensure that it is erased or anonymised when it is no longer needed. Data subjects have the right to request the erasure of their personal data if the data controller no longer has a lawful basis or a legitimate interest for keeping it. The UK GDPR allows for some exceptions to the storage limitation principle, such as when the personal data is processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to appropriate safeguards for the rights and freedoms of data subjects.


Reference:

UK GDPR, Article 5 (1) (e) and (2)
UK GDPR, Article 17
UK GDPR, Article 89
ICO Guide to Data Protection, Storage Limitation



Which of the below would be the BEST example of processing that could utilise the Public Interest Task lawful basis?

  A. A health authority processing the personal information of its staff in order to record all training undertaken
  B. A debt collection agency processing information relating to unpaid fines for misuse of community council car parking.
  C. A local authority processing the personal information of the person responsible for paying council tax
  D. A tax authority drops cookies on the devices of visitors to its website

Answer(s): C

Explanation:

The public interest task lawful basis applies to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. The relevant task or authority must have a clear basis in domestic law, such as a statutory power, a common law duty, or a function of the Crown, central or local government. The processing must also be necessary, meaning that there is no reasonable and less intrusive way to achieve the same purpose. The public interest task lawful basis is most relevant to public authorities, but it can also apply to any organisation that exercises official authority or carries out tasks in the public interest. In scenario C, a local authority processing the personal information of the person responsible for paying council tax is likely to rely on the public interest task lawful basis, as it is performing a task in the public interest that is laid down by law, namely the Local Government Finance Act 1992, and the processing is necessary for the collection and administration of council tax. In contrast, scenarios A, B and D are less likely to qualify for the public interest task lawful basis, as they do not involve a clear task or authority that is set out in law, or that serves the public interest. For example, a health authority processing the personal information of its staff in order to record all training undertaken may have a different lawful basis, such as legitimate interests or contractual necessity. A debt collection agency processing information relating to unpaid fines for misuse of community council car parking may not have any official authority or public interest justification for its processing. 
A tax authority dropping cookies on the devices of visitors to its website may not be able to demonstrate that the processing is necessary for its official functions, and may also need to comply with the Privacy and Electronic Communications Regulations (PECR) for the use of cookies.


Reference:

UK GDPR, Article 6 (1) (e) and (3)
ICO Guide to Data Protection, Public Task
Local Government Finance Act 1992



The Article 9(2)(c) UK GDPR condition for processing special category data in the vital interests of the data subject is only applicable in which of the following circumstances?

  A. When another lawful basis applies.
  B. When a data subject is incapacitated
  C. When the data subject is physically unable to be present
  D. When the data subject refuses to consent

Answer(s): B

Explanation:

Article 9(2)(c) of UK GDPR allows the processing of special category data when it is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent. This means that the data subject is unable to exercise their right to consent or object to the processing, either because they are unconscious, in a coma, suffering from a severe mental disorder, or otherwise unable to communicate their wishes. This condition is intended to cover emergency situations, such as life-threatening medical interventions, where the data subject's consent cannot be obtained in time. It does not apply when another lawful basis applies, when the data subject is physically absent but still capable of giving consent, or when the data subject refuses to consent.


Reference:

Article 9(2)(c) of UK GDPR
ICO guidance on special category data



What is the basis of the accountability and data governance obligation (Article 5(2) of the GDPR)?

  A. The controller shall appoint a DPO before carrying out large scale processing
  B. The controller shall be responsible for, and be able to demonstrate compliance with, the data protection principles.
  C. Controllers and Processors each have a responsibility to conduct legitimate interests balancing tests before processing data for direct marketing
  D. Processors have overarching responsibility to ensure their processing is compliant

Answer(s): B

Explanation:

Article 5(2) of the GDPR introduces the principle of accountability, which requires that the controller be responsible for, and be able to demonstrate compliance with, the data protection principles set out in Article 5(1). These principles are: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and data protection by design and by default. The controller must implement appropriate technical and organisational measures to ensure and demonstrate compliance, such as policies, procedures, records, audits, reviews, and DPIAs. The controller must also cooperate with the supervisory authority and provide any information requested by it. The other options are not the basis of the accountability and data governance obligation, although they may be related to other obligations under the GDPR.


Reference:

Article 5(2) of the GDPR
ICO guidance on accountability and governance





