Certified Information Privacy Manager (CIPM) — Question 193

Which of the following information must be provided by the data controller when complying with the General Data Protection Regulation (GDPR) “right to access” requirements?

Answer options

• A. The purpose of personal data processing.
• B. The data subject’s right to withdraw consent.
• C. The contact details of the Data Protection Officer (DPO).
• D. The type of organizations with whom personal data was shared.

Correct answer: A

Explanation

The correct answer is A because the GDPR mandates that data subjects be informed about the purpose of their personal data processing. Options B, C, and D, while relevant to data subject rights and data processing, do not specifically fulfill the 'right to access' requirement as outlined in GDPR.