If a company receives an anonymous email demanding ransom for the stolen personal data of its clients, what must the company do next, per GDPR requirements?
A.
Notify the police and file a criminal complaint about the incident.
B.
Start an investigation to understand the incident's possible scope, duration and nature.
C.
Send a notification to the competent supervisory authority describing the incident.
D.
Send an email about the incident to all clients and ask them to change their passwords.
If someone sends email that they have stolen data from arganisation, Firstly, it should start investigation and determine whether data breach actually happend, and if yes, figure out scope, nature and risk to data subjects.
Then you can notify DPA.
How can you notify DPA by just receiving the mail and not yet confirmed if actually happened.
If the email only claims that personal data has been stolen it is answer B. If a breach indeed took place then, i may assume,the SA would already have been informed prior to the receiving of a ransom email. Answer C would apply but already a bit too late IMHO
C. Send a notification to the competent supervisory authority describing the incident.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CIPP-E Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Vijay7777
6 days, 7 hours agoJacHa
5 months, 2 weeks agoSsourav
11 months, 2 weeks ago