New Year Sale ! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

IAPP Exam CIPM Topic 2 Question 65 Discussion

Actual exam question for IAPP's CIPM exam
Question #: 65
Topic #: 2
[All CIPM Questions]

Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?

Show Suggested Answer Hide Answer
Suggested Answer: D

Under the GDPR, a written agreement between the controller and processor in relation to processing conducted on the controller's behalf must include an obligation on the processor to assist the controller in complying with the controller's obligations to notify the supervisory authority about personal data breaches. This is one of the requirements under Article 28(3)(f) of the GDPR, which specifies the minimum content of such an agreement. The other options are not required by the GDPR, although they may be agreed upon by the parties as additional terms.Reference:GDPR, Article 28(3)(f).


Contribute your Thoughts:

Judy
4 months ago
I bet the correct answer is hidden in the fine print, like always. Time to break out the magnifying glass!
upvoted 0 times
...
Krystal
4 months ago
D for sure. The processor is there to help the controller, not cause them more headaches with breaches.
upvoted 0 times
...
Kimbery
4 months ago
Hmm, I'd go with A. The processor has to notify the controller within 72 hours if there's a breach. Gotta stay on top of that GDPR compliance!
upvoted 0 times
Miesha
4 months ago
Yes, A is the right choice. Timely reporting is crucial for GDPR compliance.
upvoted 0 times
...
Dante
4 months ago
I agree, A is the correct option. It's important to act quickly in case of a breach.
upvoted 0 times
...
...
Malinda
4 months ago
B sounds like the correct answer to me. Both parties should report serious breaches to the supervisory authority.
upvoted 0 times
Tracey
3 months ago
B sounds like the correct answer to me. Both parties should report serious breaches to the supervisory authority.
upvoted 0 times
...
Roselle
3 months ago
B) An obligation on both parties to report any serious personal data breach to the supervisory authority.
upvoted 0 times
...
Rosina
4 months ago
A) An obligation on the processor to report any personal data breach to the controller within 72 hours.
upvoted 0 times
...
...
Melodie
5 months ago
I believe option D is also crucial as it ensures the processor assists the controller in fulfilling their obligations.
upvoted 0 times
...
Justine
5 months ago
I agree with Sabina, option A shows that the processor takes data protection seriously.
upvoted 0 times
...
Sommer
5 months ago
Easy, it's D. The processor has to assist the controller in notifying the authority about breaches. Seems straightforward enough.
upvoted 0 times
Herschel
4 months ago
Good to know that there are clear guidelines in place for handling breaches under GDPR.
upvoted 0 times
...
Jerry
4 months ago
Absolutely, cooperation is key when it comes to data protection.
upvoted 0 times
...
Pearly
5 months ago
That makes sense. It's important for both parties to work together in case of a breach.
upvoted 0 times
...
Larue
5 months ago
I agree, it's definitely D. The processor needs to help the controller with notifying the authority.
upvoted 0 times
...
...
Sabina
6 months ago
I think option A is important for ensuring timely reporting of data breaches.
upvoted 0 times
...

Save Cancel