CIPM Exam - Question 64

Should be C. In Gdpr the controller must execute the dpia, not the processor

Under GDPR, data processors have an obligation to implement appropriate technical and organizational measures that ensure an appropriate level of security for personal data, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. This includes measures such as pseudonymization and encryption of personal data, ensuring the confidentiality, integrity, availability, and resilience of processing systems and services, and regularly testing, assessing, and evaluating the effectiveness of security measures.

Ans should be C. Art. 32 GDPR - Security of processing

Art 32 (1) Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

Hi, Article 35 of the GDPR, Processors must carry out DPIA under some conditions such as processing sensitive data, the use of new tech, processing health data , protecting of public health, large-scale processing of personal data.

Should be C

should be C

C:\ One obligation that the General Data Protection Regulation (GDPR) imposes on data processors is the requirement to implement appropriate technical and organizational measures to ensure the security of personal data. This includes measures such as encryption, pseudonymization, and regular testing and evaluation of the effectiveness of security measures.