Increase your chances of passing the PECB GDPR exam questions on your first try. Practice with our free online GDPR exam mock test designed to help you prepare effectively and confidently.
Scenario: Bankbio is a financial institution that handles personal data of its customers. Its data processing activities involve processing that is necessary for the legitimate interests pursued by the institution. In such cases, Bankbio processes personal data without obtaining consent from data subjects. Is the data processing lawful under GDPR?
Scenario 8: MA store is an online clothing retailer founded in 2010. They provide quality products at areasonable cost. One thing that differentiates MA store from other online shopping sites is theirexcellent customer service.MA store follows a customer-centered business approach. They have created a user-friendly websitewith well-organized content that is accessible to everyone. Through innovative ideas and services,MA store offers a seamless user experience for visitors while also attracting new customers. Whenvisiting the website, customers can filter their search results by price, size, customer reviews, andother features. One of MA store's strategies for providing, personalizing, and improving its productsis data analytics. MA store tracks and analyzes the user actions on its website so it can createcustomized experience for visitors.In order to understand their target audience, MA store analyzes shopping preferences of itscustomers based on their purchase history. The purchase history includes the product that wasbought, shipping updates, and payment details. Clients' personal data and other information relatedto MA store products included in the purchase history are stored in separate databases. Personalinformation, such as clients' address or payment details, are encrypted using a public key. Whenanalyzing the shopping preferences of customers, employees access only the information about theproduct while the identity of customers is removed from the data set and replaced with a commonvalue, ensuring that customer identities are protected and cannot be retrieved.Last year, MA store announced that they suffered a personal data breach where personal data ofclients were leaked. The personal data breach was caused by an SQL injection attack which targetedMA stores web application. The SQL injection was successful since no parameterized queries wereused.Based on this scenario, answer the followingHow could MA store prevent the SQL attack described in scenario 8?
According to the principle of data minimization, data must be:
Under GDPR, the controller must demonstrate that data subjects have consented to the processing of their personal data, and the consent must be freely given. What is the role of the DPO in ensuring compliance with this requirement?
According to the principle of data minimization, data must be:
© Copyrights FreeMockExams 2026. All Rights Reserved
We use cookies to ensure that we give you the best experience on our website (FreeMockExams). If you continue without changing your settings, we'll assume that you are happy to receive all cookies on the FreeMockExams.
Full Access to 80 Questions