Exam CIPM topic 1 question 130 discussion

Given that Article 25 (data protection by design and by default) and Article 32 (security of processing) fall under Article 83(4), which covers the lower tier of fines up to €10,000,000 or 2% of total worldwide annual turnover, both are relevant here.

D. Failure to provide the means for a data subject to rectify inaccuracies in personal data According to the GDPR, violations of certain obligations can result in administrative fines of up to 10,000,000 EUR or, in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher. One such obligation is the failure to provide the means for a data subject to rectify inaccuracies in personal data, as stipulated under GDPR Article 16. In contrast, the other listed failures (such as failure to demonstrate consent, failure to implement data protection by design and default, and failure to process personal information in a manner compatible with its original purpose) are subject to higher fines, up to 20,000,000 EUR or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.

B, B & D is gross misconduct and would result in higher fine- 4%

should be B

The less severe infringements could result in a fine of up to €10 million, or 2% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher. They include any violation of the articles governing: Controllers and processors (Articles 8, 11, 25-39, 42, and 43) — Organizations that collect and control data (controllers) and those that are contracted to process data (processors) must adhere to rules governing data protection, lawful basis for processing, and more. As an organization, these are the articles you need to read and adhere to. https://gdpr.eu/fines/

For me A and B but - failing to demonstrate that consent was given by the data subject for processing their personal data (where consent is the basis for processing) can result in administrative fines of up to €10 million, or 2% of the total worldwide annual turnover of the preceding financial year, whichever amount is higher.

should be B

B. Failure to implement technical and organizational measures to ensure data protection is enshrined by design and default The GDPR sets different tiers of administrative fines based on the severity of the infringement. Failing to implement data protection by design and default is subject to the lower tier of fines, which can go up to 10 million EUR or 2% of the company’s global annual revenue, whichever is higher.

Should be B

B should be the answer, the rest result in tier 2 fines

i would suggest letter B