IAPP Certified Information Privacy Professional CIPP-E Question # 77 Topic 8 Discussion
A worker in a European Union (EU) member state has ceased his employment with a company. What should the employer most likely do in regard to the worker’s personal data?
A. Destroy sensitive information and store the rest per applicable data protection rules.
B. Store all of the data in case the departing worker makes a subject access request.
C. Securely store the data that is required to be kept under local law.
D. Provide the employee the reasons for retaining the data.
The GDPR requires that personal data be kept for no longer than is necessary for the purposes for which the personal data are processed [1]. However, the GDPR also allows member states to provide for more specific rules on the processing of employees’ personal data in the employment context, including the retention periods for erasure and deletion of categories of personal data [2]. Therefore, the employer should securely store the data that is required to be kept under local law, such as tax records, pension records, or health and safety records [3][4]. The employer should also ensure that the data is protected from unauthorized or unlawful access, accidental loss, destruction, or damage [1]. The employer should not store the data for longer than necessary or for purposes other than those for which the data was collected, unless the employee has given consent or there is another legal basis for doing so [1][3].

References:
[1] Article 5 of the GDPR
[2] Article 88 of the GDPR
[3] Data Protection and GDPR in the Workplace | Factsheets | CIPD
[4] How to Manage the Retention of Employee Data | GDPR Blog