Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Iapp Discussions
exam questions

Exam CIPP-E All Questions

View all questions & answers for the CIPP-E exam
Go to Exam

Exam CIPP-E topic 1 question 59 discussion

Actual exam question from IAPP's CIPP-E
Question #: 59
Topic #: 1
[All CIPP-E Questions]

An employee of company ABCD has just noticed a memory stick containing records of client data, including their names, addresses and full contact details has disappeared. The data on the stick is unencrypted and in clear text. It is uncertain what has happened to the stick at this stage, but it likely was lost during the travel of an employee. What should the company do?

  • A. Notify as soon as possible the data protection supervisory authority that a data breach may have taken place.
  • B. Launch an investigation and if nothing is found within one month, notify the data protection supervisory authority.
  • C. Invoke the “disproportionate effort” exception under Article 33 to postpone notifying data subjects until more information can be gathered.
  • D. Immediately notify all the customers of the company that their information has been accessed by an unauthorized person.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Ssourav at July 29, 2024, 4:47 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Ssourav
4 months ago
Selected Answer: A
A. Notify as soon as possible the data protection supervisory authority that a data breach may have taken place: Given the nature of the data involved (names, addresses, and contact details) and the fact that it is unencrypted, there is a significant risk to the rights and freedoms of the data subjects. Therefore, the supervisory authority should be notified without undue delay. GDPR Article Reference: Article 33(1): In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel