Exam CIPP-E topic 1 question 79 discussion

The correct answer is A. Notify the appropriate data protection authority is not required as a first step for a company planning to use closed-circuit television (CCTV) on its premises. While notifying the data protection authority may be required depending on the specific circumstances of the CCTV system, it is not necessarily the first step that needs to be taken. However, performing a data protection impact assessment (DPIA) is a crucial step for GDPR compliance when implementing CCTV, as it can identify potential privacy risks and help to mitigate them. Creating an information retention policy for those who operate the system, as well as ensuring that safeguards are in place to prevent unauthorized access to the footage, are also important steps to take.

A. Notify the appropriate data protection authority. Explanation: A. Notify the appropriate data protection authority: Under the GDPR, notifying the data protection authority is not typically required for the use of CCTV unless there is a high risk that cannot be mitigated. Instead, the focus is on ensuring compliance through internal measures.

Answer is B. DPIA is always the first step in a new processing activity

D is correct ". As stated in Article 25 GDPR, controllers need to implement appropriate data protection technical and organisational measures as soon as they plan for video surveillance, before they start the collection and processing of video footage." https://edpb.europa.eu/sites/default/files/consultation/edpb_guidelines_201903_videosurveillance.pdf

But not C

Opps missed EXCEPT, ans is A, you are correct

Nope, DPIA always is the first step