nerdexam
IAPP

CIPP-E · Question #67

CIPP-E Question #67: Real Exam Question with Answer & Explanation

The correct answer is A. Notify the appropriate data protection authority.. Under the GDPR, using CCTV on business premises involves the processing of personal data, which requires compliance with the data protection principles and obligations. However, notifying the appropriate data protection authority (DPA) is not one of the steps that a company shoul

Question

If a company is planning to use closed-circuit television (CCTV) on its premises and is concerned with GDPR compliance, it should first do all of the following EXCEPT?

Options

  • ANotify the appropriate data protection authority.
  • BPerform a data protection impact assessment (DPIA).
  • CCreate an information retention policy for those who operate the system.
  • DEnsure that safeguards are in place to prevent unauthorized access to the footage.

Explanation

Under the GDPR, using CCTV on business premises involves the processing of personal data, which requires compliance with the data protection principles and obligations. However, notifying the appropriate data protection authority (DPA) is not one of the steps that a company should take before using CCTV, unless the DPA has specifically requested it or the CCTV involves high- risk processing that requires prior consultation.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CIPP-E Practice