We offer the latest GDPR practice test designed for free and effective online PECB Certified Data Protection Officer certification preparation. It's a simulation of the real GDPR exam experience, built to help you understand the structure, complexity, and topics you'll face on exam day.
According to the principle of data minimization, data must be:
Based on Article 58 of GDPR, what powers must the supervisory authority have?
Scenario 8: MA store is an online clothing retailer founded in 2010. They provide quality products at a
reasonable cost. One thing that differentiates MA store from other online shopping sites is their
excellent customer service.
MA store follows a customer-centered business approach. They have created a user-friendly website
with well-organized content that is accessible to everyone. Through innovative ideas and services,
MA store offers a seamless user experience for visitors while also attracting new customers. When
visiting the website, customers can filter their search results by price, size, customer reviews, and
other features. One of MA store's strategies for providing, personalizing, and improving its products
is data analytics. MA store tracks and analyzes the user actions on its website so it can create
customized experience for visitors.
In order to understand their target audience, MA store analyzes shopping preferences of its
customers based on their purchase history. The purchase history includes the product that was
bought, shipping updates, and payment details. Clients' personal data and other information related
to MA store products included in the purchase history are stored in separate databases. Personal
information, such as clients' address or payment details, are encrypted using a public key. When
analyzing the shopping preferences of customers, employees access only the information about the
product while the identity of customers is removed from the data set and replaced with a common
value, ensuring that customer identities are protected and cannot be retrieved.
Last year, MA store announced that they suffered a personal data breach where personal data of
clients were leaked. The personal data breach was caused by an SQL injection attack which targeted
MA stores web application. The SQL injection was successful since no parameterized queries were
used.
Based on this scenario, answer the following
How could MA store prevent the SQL attack described in scenario 8?
Scenario 3:
COR Bank is an international banking group that operates in 31 countries. It was formed as the
merger of two well-known investment banks in Germany. Their two main fields of business are retail
and investment banking. COR Bank provides innovative solutions for services such as payments, cash
management, savings, protection insurance, and real-estate services. COR Bank has a large number
of clients and transactions. Therefore, they process large information, including clients' personal dat
a. Some of the data from the application processes of COR Bank, including archived data, is operated
by Tibko, an IT services company located in Canada. To ensure compliance with the GDPR, COR Bank
and Tibko have reached a data processing agreement Based on the agreement, the purpose and
conditions of data processing are determined by COR Bank. However, Tibko is allowed to make
technical decisions for storing the data based on its own expertise. COR Bank aims to remain a
trustworthy bank and a long-term partner for its clients. Therefore, they devote special attention to
legal compliance. They started the implementation process of a GDPR compliance program in 2018.
The first step was to analyze the existing resources and procedures. Lisa was appointed as the data
protection officer (DPO). Being the information security manager of COR Bank for many years, Lisa
had knowledge of the organization's core activities. She was previously involved in most of the
processes related to information systems management and data protection. Lisa played a key role in
achieving compliance to the GDPR by advising the company regarding data protection obligations
and creating a data protection strategy. After obtaining evidence of the existing data protection
policy, Lisa proposed to adapt the policy to specific requirements of GDPR. Then, Lisa implemented
the updates of the policy within COR Bank. To ensure consistency between processes of different
departments within the organization, Lisa has constantly communicated with all heads of GDPR.
Then, Lisa implemented the updates of the policy within COR Bank. To ensure consistency between
processes of different departments within the organization, Lisa has constantly communicated with
all heads of departments. As the DPO, she had access to several departments, including HR and
Accounting Department. This assured the organization that there was a continuous cooperation
between them. The activities of some departments within COR Bank are closely related to data
protection. Therefore, considering their expertise, Lisa was advised from the top management to
take orders from the heads of those departments when taking decisions related to their field. Based
on this scenario, answer the following
Considering the GDPR's territorial scope and the data processing agreement between COR Bank and
Tibko, which of the following best describes Tibko's obligations under the GDPR?
Scenario: ChatBubble is a software company that stores personal data, including usernames, emails, and passwords. Last month, an attacker gained access to ChatBubbles system, but the personal data was encrypted, preventing unauthorized access. Should the data subjects be notified in this case?
© Copyrights FreePDFQuestions 2025. All Rights Reserved
We use cookies to ensure that we give you the best experience on our website (FreePDFQuestions). If you continue without changing your settings, we'll assume that you are happy to receive all cookies on the FreePDFQuestions.
Full Access to 80 Questions