A data controller appoints a data protection officer. Which of the following conditions would NOT result in an infringement of Articles 37 to 39 of the GDPR?
A.
If the data protection officer lacks ISO 27001 auditor certification.
B.
If the data protection officer is provided by the data processor.
C.
If the data protection officer also manages the marketing budget.
D.
If the data protection officer receives instructions from the data controller.
A. If the data protection officer lacks ISO 27001 auditor certification.
The GDPR does not mandate that a Data Protection Officer (DPO) hold specific certifications such as ISO 27001 auditor certification. The relevant requirements for a DPO, as per Articles 37 to 39, include having expert knowledge of data protection law and practices and being able to perform the duties specified in the regulation. This does not necessarily include having specific certifications.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Fendou
Highly Voted 1 year, 6 months agoSsourav
Most Recent 3 months, 3 weeks agozero46
11 months, 1 week ago