Certified Information Privacy Manager (CIPM) — Question 10

What is one obligation that the General Data Protection Regulation (GDPR) imposes on data processors?

Answer options

• A. To honor all data access requests from data subjects.
• B. To inform data subjects about the identity and contact details of the controller.
• C. To implement appropriate technical and organizational measures that ensure an appropriate level of security.
• D. To carry out data protection impact assessments in cases where processing is likely to result in high risk to the rights and freedoms of individuals.

Correct answer: C

Explanation

The correct answer is C because GDPR mandates that data processors must implement suitable technical and organizational measures to ensure data security. Options A and B pertain to data subjects' rights and the controller's responsibilities, while D relates to a specific scenario of high risk, which is not a general obligation for all data processors.