ACFE Exam CFE-Law Topic 4 Question 53 Discussion

Actual exam question for ACFE's CFE-Law exam

Question #: 53
Topic #: 4

Which of the following is NOT a requirement of the European Union's (EU) General Data Protection Regulation (GDPR)?

AAn organization must delete a data subject's personal data automatically when the data are no longer m use.

BAn organization must have a documented lawful basis for collecting or processing personal data.

CAn organization generally must notify all affected data subjects without undue delay when a high-risk data breach occurs

DAn organization must confirm or deny that it possesses a data subject's personal data upon that individual's request

Show Suggested Answer

Suggested Answer: B

by Aleshia at Dec 07, 2024, 11:19 AM

Limited Time Offer

25%

Off

Get Premium CFE-Law Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Weldon

3 days ago

I disagree, I believe the answer is A) An organization must delete a data subject's personal data automatically when the data are no longer in use.

upvoted 0 times

...

Zita

7 days ago

Hmm, I'm going with B. Having a lawful basis for data processing is a core GDPR requirement. The others all sound plausible too.

upvoted 0 times

...

Joesph

10 days ago

Option A? Really? That can't be right - the GDPR definitely requires automatic deletion of personal data when it's no longer needed. This question is way too easy.

upvoted 0 times

Val

5 days ago

A) An organization must delete a data subject's personal data automatically when the data are no longer in use.

upvoted 0 times

...

Scarlet

19 days ago

I think the answer is C) An organization generally must notify all affected data subjects without undue delay when a high-risk data breach occurs.

upvoted 0 times

...