Exin Updated PDPF Exam Questions and Answers by ayaz

Whenever a new technology is applied, a DPIA must be performed. In addition, a DPIA must be performed before starting the processing of personal data. This is important to check for risks to data subjects since data collection.

In its Article 35 the GDPR legislates on the Impact assessment on data protection.

1. Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks.

Transfers based on the laws of the non-EEA country concerned. Incorrect. This would also require an adequacy decision confirming that those laws are sufficient.

Transfers falling under World Trade Organization rules. Incorrect. WTO only covers free trade of goods and services.

Transfers governed by approved binding corporate rules (BCR). Correct. Binding corporate rules approved by a supervisory authority involved make the transfer lawful. (Literature: A, Chapter 7; GDPR Article 47)

Transfers within a global corporation or organization. Incorrect. This would also require that they adopt official binding corporate rules.