The EDPB’s Guidelines 4/2019 on GDPR Article 25 Data Protection by Design and by Default cover pseudonymization, access control, and more – but not this one key practice.
Table of Contents
Question
In the EDPB’s Guidelines 4/2019 on Article 25 Data Protection by Design and by Default, all of the following practices follow from the principles relating to the processing of personal data under EU data protection law EXCEPT?
A. Data ownership allocation.
B. Access control management.
C. Frequent pseudonymization key rotation.
D. Error propagation avoidance along the processing chain.
Answer
A. Data ownership allocation.
Explanation
The European Data Protection Board’s Guidelines 4/2019 on Article 25 of the GDPR regarding Data Protection by Design and by Default outline several key practices that follow from the data protection principles in EU law. However, data ownership allocation is not one of the practices specifically covered in these guidelines.
The practices that are mentioned as following from EU data protection principles include:
B. Access control management – Implementing strict access controls is key to ensuring that personal data is only accessed by authorized individuals for legitimate purposes.
C. Frequent pseudonymization key rotation – Regularly changing the keys used for pseudonymizing personal data helps maintain the security and privacy of the pseudonymized information over time.
D. Error propagation avoidance along the processing chain – Taking steps to prevent and contain errors from spreading throughout the data processing workflow is important for maintaining data accuracy and integrity.
While allocating data ownership roles and responsibilities is certainly a best practice, it is not one of the specific practices highlighted in the EDPB’s Article 25 guidelines as directly stemming from core EU data protection principles. The guidelines focus more on technical and organizational measures for implementing data protection by design and by default in data processing systems and activities.
In summary, of the options provided, data ownership allocation is the one practice not covered in the EDPB’s Guidelines 4/2019 on Article 25 of the GDPR regarding data protection by design and by default. The guidelines instead focus on other key practices like access controls, pseudonymization, and error prevention that more directly follow from EU data protection principles.
IAPP CIPP-E certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the IAPP CIPP-E exam and earn IAPP CIPP-E certification.