Certified Information Privacy Manager (CIPM) — Question 217

A minimum requirement for carrying out a Data Protection Impact Assessment (DPIA) would include?

Answer options

• A. Processing on a large scale of special categories of data.
• B. Monitoring of a publicly accessible area on a large scale.
• C. Assessment of the necessity and proportionality.
• D. Assessment of security measures.

Correct answer: C

Explanation

The correct answer is C because a DPIA requires an evaluation of whether the data processing is necessary and proportionate to its purpose. Options A and B describe specific scenarios that may require a DPIA, but they do not represent minimum requirements. Option D focuses on security measures, which are important but not a foundational aspect of the DPIA process.