Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Iapp Discussions
exam questions

Exam CIPM All Questions

View all questions & answers for the CIPM exam
Go to Exam

Exam CIPM topic 1 question 66 discussion

Actual exam question from IAPP's CIPM
Question #: 66
Topic #: 1
[All CIPM Questions]

Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?

  • A. An obligation on the processor to report any personal data breach to the controller within 72 hours.
  • B. An obligation on both parties to report any serious personal data breach to the supervisory authority.
  • C. An obligation on both parties to agree to a termination of the agreement if the other party is responsible for a personal data breach.
  • D. An obligation on the processor to assist the controller in complying with the controller's obligations to notify the supervisory authority about personal data breaches.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by prathibs at July 30, 2023, 10:49 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
thecheaterz
6 months, 1 week ago
Selected Answer: D
Not A, this is to be agreed between the contracting parties. 72 hours reporting relates to notifying the SA.
upvoted 2 times
...
humhain
9 months ago
Selected Answer: A
An obligation on the processor to report any personal data breach to the controller within 72 hours.
upvoted 1 times
...
carlosbui
1 year ago
should be D
upvoted 1 times
...
Ssourav
1 year, 3 months ago
Selected Answer: D
Art 28 3 (f)assists the controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 taking into account the nature of processing and the information available to the processor; that includes data breach notification
upvoted 2 times
...
Ssourav
1 year, 3 months ago
Selected Answer: A
Article 28 of the GDPR specifies the details that should be included in the contract between the controller and the processor. One of these is the obligation on the processor to notify the controller without undue delay upon becoming aware of a personal data breach. The exact timeframe (like the 72 hours) is not specified in this context in Article 28, but the principle of notifying the controller without undue delay is there.
upvoted 1 times
...
DracoL
1 year, 3 months ago
Selected Answer: D
Controller need to notified regulator and data subject wihin 72 hours. So the data processor need to inform controller a lot faster and assist the controller obligations.
upvoted 4 times
...
emily0922
1 year, 3 months ago
Should be D
upvoted 2 times
...
prathibs
1 year, 4 months ago
It is D
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel