Certified Information Privacy Manager (CIPM) — Question 180

Which of the following information is NOT required to be provided by the data controller when complying with GDPR "right to access" requirements?

Answer options

• A. The data subject request process.
• B. The purpose of personal data processing.
• C. The name of the Data Protection Officer (DPO).
• D. The type of organizations with whom personal data was shared.

Correct answer: A

Explanation

The correct answer is A because the data subject request process is not a mandatory detail under GDPR for the right to access. In contrast, the purpose of processing, the identification of the DPO, and the types of organizations that received the data are all required disclosures to ensure transparency and accountability.