IAPP Certified Information Privacy Professional CIPP-E Question # 3 Topic 1 Discussion
Question #: 3
Topic #: 1
What must be included in a written agreement between the controller and processor in relation to processing conducted on the controller’s behalf?
A. An obligation on the processor to report any personal data breach to the controller within 72 hours.
B. An obligation on both parties to report any serious personal data breach to the supervisory authority.
C. An obligation on both parties to agree to a termination of the agreement if the other party is responsible for a personal data breach.
D. An obligation on the processor to assist the controller in complying with the controller’s obligations to notify the supervisory authority about personal data breaches.
According to Article 28(3)(f) of the GDPR, the written agreement between the controller and the processor must include an obligation on the processor to assist the controller in ensuring compliance with the controller’s obligations pursuant to Articles 32 to 36 of the GDPR. These obligations include notifying the supervisory authority and the data subjects about personal data breaches, as well as conducting data protection impact assessments and consulting with the supervisory authority when required. The processor must assist the controller by taking appropriate technical and organisational measures, insofar as this is possible, and considering the nature of the processing and the information available to the processor.