nerdexam
EXIN

PDPF · Question #79

PDPF Question #79: Real Exam Question with Answer & Explanation

The correct answer is D. Send the notification, even after 72 hours, accompanied by the reasons for the delay. Article 33 which deals with "Notification of a personal data breach to the supervisory authority" in its paragraph 1 legislates: 1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become awa

Question

We know that when a personal data breach occurs, the data controller (Controller) must notify the Supervisory Authority within 72 hours, without justified delay. However, should the Controller do if it is unable to communicate within this time?

Options

  • ASend the notification with the date of the violation changed, to remain within 72 hours.
  • BAfter 72 hours there is no longer any need to send notification of personal data breach.
  • CDo not notify and seek ways to hide the violation so that the Supervisory Authority or the
  • DSend the notification, even after 72 hours, accompanied by the reasons for the delay

Explanation

Article 33 which deals with "Notification of a personal data breach to the supervisory authority" in its paragraph 1 legislates: 1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full PDPF Practice