Practice Questions for Prac Cert Online Exam PDF
Document Details
Uploaded by AthleticSilver740
NUS Faculty of Law
Summary
This document contains practice questions focused on data protection and management topics, including DPMP. The questions cover various aspects of the subject matter, including key steps in a DPMP program, benefits of implementing it, and relevant risks related to data protection.
Full Transcript
## Data Protection Management Program

### Question 1

A Data Protection Management Program (DPMP) is a four-step program to help organizations establish a robust personal data protection infrastructure, as diagrammed below.

* **Step 1**
* **Step 2**
* **Step 3**
* **Step 4**

The following are the four (4) steps in the DPMP program. List the four steps (a to d) in order:

* a. Develop DPMP
* b. Maintain DPMP
* c. Identify PD Handled
* d. Identify, Assess and Manage Risks

| **Step** | **Answer** |
|---|---|
| **Step 1** | Identify PD Handled (c) |
| **Step 2** | Identify, Assess and Manage Risks (d) |
| **Step 3** | Develop DPMP (a) |
| **Step 4** | Maintain DPMP (b) |

### Question 2

Sam was appointed as a DPO recently in a Singapore organization. At a Ninjitsu training, he met his classmate who happened to be an experienced DPO. Sam wanted to understand a bit more of DPMP's benefit. His classmate explained the benefits of organizations implementing DPMP, including the following key points, **except for**:

* To help an organization demonstrate accountability in data protection.
* To help organizations develop, manage, and maintain a robust data protection infrastructure.
* **To provide assurance that the organization doesn't need extra policies/processes to comply with PDPC.**
* To help foster a culture of data protection within the organization.

### Question 3

One of the key strategies in DPMP is policy, where organizations need to develop a personal data protection policy. Policies have a life cycle with four (4) steps in the following diagram:

* **Step 4**
* **Step 1**
* **Step 3**
* **Step 2**

List the steps in order of the life cycle of a DPMP policy diagram with the four (4) steps from (a) to (d) below:

* a) Communicate policies to stakeholders.
* b) Get Management Approval for the policies.
* c) Draft, review, and revise the policies.
* d) Train staff and enforce policies.

| **Step** | **Answer** |
|---|---|
| **Step 1** | Draft, review, and revise the policies (c) |
| **Step 2** | Get Management Approval for the policies (b) |
| **Step 3** | Communicate policies to stakeholders (a) |
| **Step 4** | Train staff and enforce policies (d) |

### Question 4

Under the People approach of DPMP, there is a need for training to develop general staff, which could be as follows:

1. Educate staff on the PDPA and the organization's data protection policies and processes.
2. Make available data protection training materials in an accessible platform (e.g., intranet).
3. Rationalize business benefits of personal data protection.
4. Suggested topics include: Importance of Personal Data Protection. **Only management**

Identify which of the above points are true with regards to the training needs of staff.

* 1, 2 and 3
* 1, 2 and 4
* Only 3 and 4
* **All 1 to 4 are needed to train general staff.**

### Question 5

For Process strategy under DPMP, the following points are used to ensure processes are done well, **except for**:

* Important to use PATO supplied by PDPC.
* **Develop & enforce Data Protection Policy.**
* Set up SOPs in the organization for data protection processes.
* All of the above.

### Question 6

Which of the following risks is not associated with data protection:

* Managing data intermediary risks
* Managing risk related to data sharing
* Managing risk related to the appointment of key personnel
* **Managing risk related to outsourcing of IT services**

### Question 7

The Data Protection Impact Assessment can be conducted in six (6) phases. The first two (2) phases are Phase 1 (Assess need for DPIA) and Phase 2 (Plan DPIA).
Arrange the remaining four (4) phases in the correct sequence:

* a) Implement & Monitor Action Plan
* b) Identify Personal Data (PD) and PD Flows
* c) Create Action Plan
* d) Identify & Assess Data Protection Risks

| **Phase** | **Answer** |
|---|---|
| **Phase 1** | Identify Personal Data (PD) and PD Flows (b) |
| **Phase 2** | Identify & Assess Data Protection Risks (d) |
| **Phase 3** | Create Action Plan (c) |
| **Phase 4** | Implement & Monitor Action Plan (a) |

### Question 8

As part of Data Breach Notification obligation, a data intermediary has the:

* Duty to notify the affected individuals.
* Duty to notify the PDPC.
* Duty to notify the data controller.
* **Duty to conduct assessment**

### Question 9

Which of the following are options that the PDPC can take with regard to enforcement:

1. Voluntary undertaking
2. Suspension / discontinuation
3. Expedited breach decision
4. Full investigation

* 4 only
* 3 & 4 only
* **1, 3 & 4 only**
* All 1 to 4 of the above

### Question 10

David, who is the HR Assistant Director of a manufacturing company, misplaced his company-issued hard-disk in his office premises on a Friday evening. The hard disk, which has the label "Property of HR department" pasted on it, contains the entire database of their 800 employees' personal data. The cleaning lady, who comes in very early on Monday morning to clean up the office before the employees arrive, found the misplaced hard-disk and handed it to her supervisor who immediately returned it to the HR department.

**Internal breach**

Who should the organization notify?

* Notify both PDPC and all the employees
* Notify PDPC only
* Notify all the employees
* **Do not need to notify PDPC or affected individuals**