What must be included in a written agreement between the controller and processor in relation to processing conducted on the controller’s behalf?
A.
An obligation on the processor to report any personal data breach to the controller within 72 hours.
B.
An obligation on both parties to report any serious personal data breach to the supervisory authority.
C.
An obligation on both parties to agree to a termination of the agreement if the other party is responsible for a personal data breach.
D.
An obligation on the processor to assist the controller in complying with the controller’s obligations to notify the supervisory authority about personal data breaches.
Relevant Legislation:
GDPR Article 28(3): Lists the mandatory elements that must be included in the contract between the controller and processor. These include ensuring the processor processes data only on the controller's instructions, ensures confidentiality, takes appropriate security measures, assists the controller in complying with data subject rights, and helps the controller comply with its data protection obligations, including breach notification requirements.
Therefore, the correct answer is D.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Ssourav
3 months, 3 weeks ago