New Year Sale ! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

IAPP Exam CIPM Topic 6 Question 62 Discussion

Actual exam question for IAPP's CIPM exam
Question #: 62
Topic #: 6
[All CIPM Questions]

Under the General Data Protection Regulation (GDPR), what are the obligations of a processor that engages a sub-processor?

Show Suggested Answer Hide Answer
Suggested Answer: D

Under the General Data Protection Regulation (GDPR), the obligations of a processor that engages a sub-processor are to obtain the consent of the controller and ensure the sub-processor complies with data processing obligations that are equivalent to those that apply to the processor. The GDPR defines a processor as a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller. A sub-processor is a third party that is engaged by the processor to carry out specific processing activities on behalf of the controller. The GDPR requires that the processor does not engage another processor without prior specific or general written authorization of the controller. In the case of general written authorization, the processor must inform the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes. The processor must also ensure that the same data protection obligations as set out in the contract or other legal act between the controller and the processor are imposed on that other processor by way of a contract or other legal act under Union or Member State law, .Reference:[GDPR Article 28], [CIPM - International Association of Privacy Professionals]


Contribute your Thoughts:

Tomas
6 months ago
I'm going with option C. The processor must receive a written agreement that the sub-processor will be fully liable to the controller for the performance of its obligations. Gotta cover your bases, you know?
upvoted 0 times
Broderick
5 months ago
Yeah, definitely. It's all about ensuring that the controller's data is protected and that everyone involved is held accountable.
upvoted 0 times
...
Xochitl
6 months ago
I agree, option C seems like the safest choice. It's important to make sure the sub-processor is fully liable.
upvoted 0 times
...
...
Alberta
6 months ago
Haha, I bet the processor wishes they could just take a vacation and let the sub-processor handle everything! But nope, option D is the way to go.
upvoted 0 times
Lucina
5 months ago
It's all about ensuring the sub-processor follows the rules. Option D covers that well.
upvoted 0 times
...
Leslie
5 months ago
Definitely, getting the consent of the controller is key. Option D is the best choice.
upvoted 0 times
...
Alise
6 months ago
Haha, I know right! But they have to make sure the sub-processor complies with data processing obligations.
upvoted 0 times
...
...
Rebbeca
6 months ago
But doesn't D require consent from the controller, while C only requires a written agreement?
upvoted 0 times
...
Sabine
6 months ago
Option B sounds good to me. The processor must obtain the controller's specific written authorization and provide annual reports on the sub-processor's performance.
upvoted 0 times
...
William
6 months ago
I think option D is the correct answer. The processor must obtain the consent of the controller and ensure the sub-processor complies with data processing obligations that are equivalent to those that apply to the processor.
upvoted 0 times
Cassie
5 months ago
Yes, it's important for the processor to get consent from the controller and ensure the sub-processor handles data responsibly.
upvoted 0 times
...
Twila
5 months ago
I agree, option D seems to be the most accurate. The processor needs to make sure the sub-processor follows the same data processing rules.
upvoted 0 times
...
Dominque
6 months ago
Yes, option D is the way to go. The processor must ensure the sub-processor complies with data processing obligations equivalent to their own.
upvoted 0 times
...
Leandro
6 months ago
It's important for the processor to get the controller's consent and ensure the sub-processor is on the same page with data processing obligations.
upvoted 0 times
...
Lisha
6 months ago
Yes, it's important for the processor to make sure the sub-processor follows the same data processing obligations.
upvoted 0 times
...
Marya
6 months ago
I agree, option D seems to be the most accurate. The processor needs to make sure the sub-processor follows the same data processing rules.
upvoted 0 times
...
Katlyn
6 months ago
I agree with you, option D seems to be the most appropriate choice.
upvoted 0 times
...
...
Burma
6 months ago
I disagree, I believe the correct answer is D.
upvoted 0 times
...
Rebbeca
6 months ago
I think the answer is C.
upvoted 0 times
...

Save Cancel