View all questions & answers for the GDPR exam
Question:
What can beincludedin a DPIA?
Documented informationon personal data transfers tothird countries.
Themeasures taken to protect the integrity, availability, and confidentiality of systems.
Assessment of the risksto the rights and freedoms of data subjects.
All of the above.
UnderArticle 35(7) of GDPR, a DPIA must include:
A description of processing activities and their purpose.
An assessment of necessity and proportionality.
An assessment of risks to individuals.
Planned measures to address risks.
Option D is correctbecauseall these elements are essential for a DPIA.
Option A is correctbecausedocumenting cross-border data transfers is requiredunderGDPR Article 35(7)(d).
Option B is correctbecausesecurity measures must be described to mitigate risks.
Option C is correctbecauseassessing risks to individuals is the core function of a DPIA.
References:
GDPR Article 35(7)(DPIA requirements)
Recital 90(DPIA helps controllers manage processing risks)
Submit