nerdexam
IAPP

CIPP-E · Question #109

CIPP-E Question #109: Real Exam Question with Answer & Explanation

The correct answer is A. Incidents of personal data breaches, whether disclosed or not.. Article 30 of the GDPR requires controllers and processors to maintain records of their processing activities, which include information such as the purposes of the processing, the categories of personal data, the recipients of the data, the retention periods, and the security me

Question

Under Article 30 of the GDPR, controllers are required to keep records of all of the following EXCEPT?

Options

  • AIncidents of personal data breaches, whether disclosed or not.
  • BData inventory or data mapping exercises that have been conducted.
  • CCategories of recipients to whom the personal data have been disclosed.
  • DRetention periods for erasure and deletion of categories of personal data.

Explanation

Article 30 of the GDPR requires controllers and processors to maintain records of their processing activities, which include information such as the purposes of the processing, the categories of personal data, the recipients of the data, the retention periods, and the security measures. However, Article 30 does not require controllers to keep records of incidents of personal data breaches, whether disclosed or not. This is a separate obligation under Article 33 and Article 34, which require controllers to notify the supervisory authority and the data subjects of any personal data breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CIPP-E Practice