Examice

Exam CIPM All QuestionsBrowse all questions from this exam

Question 15

Which of the following is TRUE about the Data Protection Impact Assessment (DPIA) process as required under the General Data Protection Regulation (GDPR)?

The DPIA result must be reported to the corresponding supervisory authority.

The DPIA report must be published to demonstrate the transparency of the data processing.

The DPIA must include a description of the proposed processing operation and its purpose.

The DPIA is required if the processing activity entails risk to the rights and freedoms of an EU individual.

Correct Answer: C

The DPIA must include a description of the proposed processing operation and its purpose. This is a requirement detailed in Article 35 of the GDPR, which specifies that the DPIA must contain a systematic description of the envisaged processing operations and the purposes of the processing.

Discussion

xBowseRxOption: C

C. The DPIA must include a description of the proposed processing operation and its purpose. The GDPR requires that a DPIA contain "a systematic description of the envisaged processing operations and the purposes of the processing" as one of its key elements. This is clearly stated in Article 35 of the GDPR which outlines the requirements for conducting a DPIA. For D,The DPIA is specifically required when the data processing is "likely to result in a high risk to the rights and freedoms of natural persons", not just if there is any risk involved.

thecheaterzOption: C

DPIA only required for high risk