Under the General Data Protection Regulation, a bank can process personal data if the processing is:

Prepare for the Qualified Financial Adviser (QFA) Exam 1 with flashcards and multiple choice questions with helpful hints and explanations. Gear up for success!

Multiple Choice

Under the General Data Protection Regulation, a bank can process personal data if the processing is:

Explanation:
The fundamental idea here is that GDPR allows processing personal data when it is strictly necessary to protect someone’s life or physical integrity. This “vital interests” basis is a narrow exception used in emergencies where there isn’t time to obtain consent, and the processing is essential to avert a serious risk.

In a banking context, applying this basis means the bank would only process data if there is a real, imminent threat to someone’s life or safety and the processing is genuinely necessary to address that threat. It isn’t about making the service easier or more efficient, and it isn’t justified by mere oversight by a manager or by purposes unrelated to someone’s safety. It also isn’t about contract performance unless that contract basis is itself needed for the processing.

The other statements don’t fit because incidental processing isn’t a recognized basis, senior-manager oversight doesn’t authorize processing on its own, and stating that the data isn’t necessary for contract performance doesn’t establish a valid basis (there are other bases like consent, contract necessity, or legitimate interests that could apply in different contexts, but those must meet their own requirements).

So the correct approach is that processing is allowed when it is necessary to protect the vital interests of the data subject or another natural person.
