Learn the key actions a data controller should take when hiring a data processor to minimize liability risks in the event of a security breach, according to CIPP/E certification exam standards.
Question
When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?
A. Documenting due diligence steps taken in the pre-contractual stage.
B. Conducting a risk assessment to analyze possible outsourcing threats.
C. Requiring that the processor directly notifies the appropriate supervisory authority.
D. Maintaining evidence that the processor was the best possible market choice available.
Answer
C. Requiring that the processor directly notifies the appropriate supervisory authority.
Explanation
Under the GDPR, the data controller is primarily responsible for notifying the supervisory authority in case of a personal data breach. The data processor must inform the controller without undue delay after becoming aware of a breach, but the controller cannot avoid liability by relying on the processor to notify the supervisory authority directly. The controller must have proper processes in place to promptly notify the authorities itself upon receiving a breach notification from the processor.