Privacy & Data Protection Essentials Courseware - English. Ruben Zeegers
B) Defining a minimum set of measures to be taken to protect personal data.
C) Investigation of all data breaches of which they have been notified.
D) Review of contracts and BCRs on compliance with the regulations.
A) Correct. One of the responsibilities of DPAs is to provide general advice on how to comply with the regulations. Source: White Paper – Privacy, Personal Data and the GDPR - §7.1.4 To set standards.
B) Incorrect. A Supervisory Authority will give general advice on what they consider an appropriate level of security. However, they will not tell you what specific measures you need to take to achieve that level. Even if they wanted to, they would not be able to, because there simply is no one-size-fits-all solution.
C) Incorrect. DPAs have neither the obligation nor the capacity to investigate all breaches they know of. But they will investigate those they deem significant or noteworthy.
D) Incorrect. A DPA is not a legal counsel. They don’t review contracts or Binding Corporate Rules. However, in the course of an investigation they might take a look at a specific contract or set of BCRs.
16 / 20 Binding corporate rules are a means for organizations to ease their administrative burden when complying with the GDPR.
How do these rules help them?
A) They allow them to have underpinning contracts with all parties involved abroad.
B) They allow them to let third parties outside the European Economic Area process personal data.
C) They avoid the need to approach each supervisory authority in the EU separately.
D) They prevent them from having to ask a supervisory authority for permission for the processing of the data once their BCRs are accepted.
A) Incorrect. BCRs are drafted so organizations do not have to use written underpinning contracts for each affiliate separately.
B) Incorrect. BCRs are valid within an organization and all its affiliates only. They do not apply to other parties.
C) Correct. Once BCRs are approved by one DPA inside the EU, you no longer have to ask the other DPAs inside the EU to approve them. Source: EU GDPR, A pocket guide - Chapter 3 The Regulation – Binding corporate rules.
D) Incorrect. BCRs must be authorized by a DPA too.
17 / 20 What should be done so that a Controller is able to outsource the processing of personal data to a Processor?