nerdexam
IAPP

CIPP-E · Question #172

CIPP-E Question #172: Real Exam Question with Answer & Explanation

The correct answer is D. Only if the organization can demonstrate that the request is clearly excessive or misguided.. According to the GDPR, data subjects have the right to access, rectify, erase, restrict, port and object to the processing of their personal data. These rights are not absolute and may be subject to limitations and conditions. One of these conditions is that the controller may ch

Question

An organization receives a request multiple times from a data subject seeking to exercise his rights with respect to his own personal data. Under what condition can the organization charge the data subject a fee for processing the request?

Options

  • AOnly where the organization can show that it is reasonable to do so because more than one
  • BOnly to the extent this is allowed under the restrictions on data subjects' rights introduced under
  • COnly where the administrative costs of taking the action requested exceeds a certain threshold.
  • DOnly if the organization can demonstrate that the request is clearly excessive or misguided.

Explanation

According to the GDPR, data subjects have the right to access, rectify, erase, restrict, port and object to the processing of their personal data. These rights are not absolute and may be subject to limitations and conditions. One of these conditions is that the controller may charge a reasonable fee for the administrative costs of complying with the request if it is manifestly unfounded or excessive, in particular because of its repetitive character (Art 12(5) of GDPR). The controller has the burden of proving the manifestly unfounded or excessive character of the request. The fee must not exceed the actual costs incurred by the controller and must not prevent the exercise of the data subject's rights.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CIPP-E Practice