Exam CIPP-E topic 1 question 72 discussion

Actual exam question from IAPP's CIPP-E
Question #: 72
Topic #: 1

The GDPR specifies fines that may be levied against data controllers for certain infringements. Which of the following infringements would be subject to the less severe administrative fine of up to 10 million euros (or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year)?

  • A. Failure to demonstrate that consent was given by the data subject to the processing of their personal data where it is used as the basis for processing.
  • B. Failure to implement technical and organizational measures to ensure data protection is enshrined by design and default.
  • C. Failure to process personal information in a manner compatible with its original purpose.
  • D. Failure to provide the means for a data subject to rectify inaccuracies in personal data.
Suggested Answer: B

Comments

Securmec
Highly Voted 1 year, 2 months ago
Selected Answer: B
The proposed "B" is correct. Art 83(3) defines when fines up to 10 million turnover or 2% max are being applied; and applies among other things to infringement of Art. 25 (Data protection by design and by default): "the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures."
upvoted 10 times
...
ME79
Highly Voted 1 year, 7 months ago
Selected Answer: A
The correct answer is A. Failure to demonstrate that consent was given by the data subject to the processing of their personal data where it is used as the basis for processing is an infringement that may result in an administrative fine of up to 10 million euros (or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year) under the GDPR (Article 83(4)). Failure to implement technical and organizational measures to ensure data protection is enshrined by design and default, failure to process personal information in a manner compatible with its original purpose, and failure to provide the means for a data subject to rectify inaccuracies in personal data are all considered more serious infringements and may result in much higher fines (up to 20 million euros or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher).
upvoted 5 times
...
Ssourav
Most Recent 3 months, 4 weeks ago
Selected Answer: B
B. Failure to implement technical and organizational measures to ensure data protection is enshrined by design and default.
GDPR Article Reference: Article 83(4): This Article specifies that infringements of the following provisions shall be subject to administrative fines up to 10 million euros, or up to 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher:
  • Article 25: Data protection by design and by default.
  • Article 32: Security of processing.
  • Article 33: Notification of a personal data breach to the supervisory authority.
  • Article 34: Communication of a personal data breach to the data subject.
  • Article 35: Data protection impact assessment.
  • Article 36: Prior consultation.
upvoted 2 times
...
VaniB
10 months, 1 week ago
The correct answer is B. Refer to Article 83(4)(a).
upvoted 2 times
...
SecretInvasion
1 year, 1 month ago
Not A: https://gdpr.eu/fines/ The more serious infringements go against the very principles of the right to privacy and the right to be forgotten that are at the heart of the GDPR. These types of infringements could result in a fine of up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher. These include any violations of the articles governing: ... The conditions for consent (Article 7) — When an organization’s data processing is justified based on the person’s consent, that organization needs to have the documentation to prove it.
upvoted 3 times
...
drluvkashyap
1 year, 3 months ago
Cannot be A as DSR are higher fines (4%), it's D
upvoted 1 times
...
pauldhug
1 year, 6 months ago
Selected Answer: A
A is the answer
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other