Examice

Exam CIPP-E All QuestionsBrowse all questions from this exam

Question 124

You are the new Data Protection Officer for your company and have to determine whether the company has implemented appropriate technical and organizational measures as required by Article 32 of the GDPR. Which of the following would be the most important to consider when trying to determine this?

How security measures might evolve in the future.

Which security measures are endorsed by a majority of experts.

How the public perceives what constitutes adequate security measures.

Which kinds of security measures your company has employed in the past.

Correct Answer: B

When determining whether the company has implemented appropriate technical and organizational measures as required by Article 32 of the GDPR, it is essential to consider which security measures are endorsed by a majority of experts. This aligns with the requirement to take into account the 'state of the art,' which typically refers to the most current and advanced level of development and recognized standards in the field. Therefore, consulting the consensus among experts would help ensure that the measures are aligned with the latest and most effective security practices.

Discussion

GrzesztofOption: B

Art. 32: 'Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk' 'Majority of experts' seems to me like 'state of the art', so I'm thinking of B