If a company is planning to use closed-circuit television (CCTV) on its premises and is concerned with GDPR compliance, it should first do all of the following EXCEPT?
If a company is planning to use closed-circuit television (CCTV) on its premises and is concerned with GDPR compliance, it should first do all of the following EXCEPT?
When a company plans to use closed-circuit television (CCTV) on its premises and is concerned with GDPR compliance, it needs to perform several actions such as conducting a data protection impact assessment (DPIA) to identify risks, creating information retention policies, and ensuring safeguards against unauthorized access. Notifying the appropriate data protection authority, while it might be required in some cases, is not necessarily a first step and is often dependent on specific circumstances related to the CCTV system. Therefore, notifying the authority is something the company can do later after ensuring other critical GDPR compliance steps are addressed.
The correct answer is A. Notify the appropriate data protection authority is not required as a first step for a company planning to use closed-circuit television (CCTV) on its premises. While notifying the data protection authority may be required depending on the specific circumstances of the CCTV system, it is not necessarily the first step that needs to be taken. However, performing a data protection impact assessment (DPIA) is a crucial step for GDPR compliance when implementing CCTV, as it can identify potential privacy risks and help to mitigate them. Creating an information retention policy for those who operate the system, as well as ensuring that safeguards are in place to prevent unauthorized access to the footage, are also important steps to take.
Opps missed EXCEPT, ans is A, you are correct
Nope, DPIA always is the first step
But not C
D is correct ". As stated in Article 25 GDPR, controllers need to implement appropriate data protection technical and organisational measures as soon as they plan for video surveillance, before they start the collection and processing of video footage." https://edpb.europa.eu/sites/default/files/consultation/edpb_guidelines_201903_videosurveillance.pdf
Answer is B. DPIA is always the first step in a new processing activity
No. The answer is A. Read the question again.