Which of the following information must be provided by the data controller when complying with
GDPR right to be informed requirements?
A. The purpose of personal data processing.
B. The data subjects right to withdraw consent
C. The contact details of the Data Protection Officer (DPO).
D. The name of any organizations with whom personal data was shared.
If your organization has a recurring issue with colleagues not reporting personal data breaches, all of
the following are advisable to do EXCEPT?
“Respond” in the privacy operational lifecycle includes which of the following?
An organization’s internal audit team should do all of the following EXCEPT?
How do privacy audits differ from privacy assessments?
Which of the following is NOT a type of privacy program metric?
Which will best assist you in quickly identifying weaknesses in your network and storage?
There are different forms of monitoring available for organizations to consider when aligning with
their privacy program goals.
Which of the following forms of monitoring is best described as auditing?
What is least likely to be achieved by implementing a Data Lifecycle Management (DLM) program?
Data retention and destruction policies should meet all of the following requirements EXCEPT?
What is most critical when outsourcing data destruction service?
Which of the following best supports implementing controls to bring privacy policies into effect?
A minimum requirement for carrying out a Data Protection Impact Assessment (DPIA) would
Your company wants to convert paper records that contain customer personal information into
electronic form, upload the records into a new third-party marketing tool and then merge the
customer personal information in the marketing tool with information from other applications.
As the Privacy Officer, which of the following should you complete to effectively make these
When devising effective employee policies to address a particular issue, which of the following
should be included in the first draft?