In which of the following cases, cited as an example by a WP29 guidance, would conducting a single data protection impact assessment to address multiple processing operations be allowed?
A.
A medical organization that wants to begin genetic testing to support earlier research for which they have performed a DPIA.
B.
A data controller who plans to use a new technology product that has already undergone a DPIA by the product’s provider.
C.
A marketing team that wants to collect mailing addresses of customers for whom they already have email addresses.
D.
A railway operator who plans to evaluate the same video surveillance in all the train stations of his company.
Relevant Guidance:
WP29 Guidance on DPIA: The Article 29 Working Party (WP29) guidance on DPIAs indicates that a single DPIA can be used to address similar processing operations that present similar risks. This is efficient and ensures consistency in addressing data protection risks across similar operations.
Therefore, the correct answer is D
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Ssourav
3 months, 3 weeks ago