CIPP-E · Question #29
CIPP-E Question #29: Real Exam Question with Answer & Explanation
The correct answer is D. Within one month of receipt, which may be extended by an additional two months. According to the GDPR, data controllers must respond to a data access request (also known as a subject access request or SAR) without undue delay and in any event within one month of receipt of the request. This time limit can be extended by a further two months if the request is
Question
Options
- AWithin 40 days of receipt
- BWithin 40 days of receipt, which may be extended by up to 40 additional days
- CWithin one month of receipt, which may be extended by up to an additional month
- DWithin one month of receipt, which may be extended by an additional two months
Explanation
According to the GDPR, data controllers must respond to a data access request (also known as a subject access request or SAR) without undue delay and in any event within one month of receipt of the request. This time limit can be extended by a further two months if the request is complex or if the controller receives a number of requests from the same individual. However, the controller must still inform the individual within one month of receipt of the request and explain why the extension is necessary. The time limit is calculated from the day after the request is received (whether it is a working day or not) until the corresponding calendar date in the next month. If there is no corresponding calendar date, the deadline is the last day of the next month. If the deadline falls on a weekend or public holiday, the response must be provided on the next
Community Discussion
No community discussion yet for this question.