If a company receives an anonymous email demanding ransom for the stolen personal data of its clients, what must the company do next, per GDPR requirements?
A.
Notify the police and file a criminal complaint about the incident.
B.
Start an investigation to understand the incident's possible scope, duration and nature.
C.
Send a notification to the competent supervisory authority describing the incident.
D.
Send an email about the incident to all clients and ask them to change their passwords.
If the email only claims that personal data has been stolen it is answer B. If a breach indeed took place then, i may assume,the SA would already have been informed prior to the receiving of a ransom email. Answer C would apply but already a bit too late IMHO
C. Send a notification to the competent supervisory authority describing the incident.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
JacHa
4 days, 22 hours agoSsourav
6 months ago