Certified Information Privacy Manager (CIPM) — Question 215

Under the General Data Protection Regulation (GDPR), which situation would be LEAST likely to require a Data Protection Impact Assessment (DPIA)?

Answer options

• A. A health clinic processing its patients’ genetic and health data
• B. The use of a camera system to monitor driving behavior on highways
• C. A Human Resources department using a tool to monitor its employees’ internet activity
• D. An online magazine using a mailing list to send a generic daily digest to marketing emails

Correct answer: D

Explanation

Option D is correct because sending a generic daily digest to marketing emails does not involve processing sensitive personal data or pose a high risk to individuals' rights and freedoms. In contrast, options A, B, and C involve processing sensitive data or could significantly impact individuals' privacy, making a DPIA more necessary in those situations.