Certified Information Privacy Manager (CIPM) — Question 239

Under the General Data Protection Regulation (GDPR), what obligation does a data controller or processor have after appointing a Data Protection Officer (DPO)?

Answer options

• A. To submit for approval to the DPO a code of conduct to govern organizational practices and demonstrate compliance with data protection principles.
• B. To provide resources necessary to carry out the defined tasks of the DPO and to maintain their expert knowledge.
• C. To ensure that the DPO acts as the sole point of contact for individuals’ questions about their personal data.
• D. To ensure that the DPO receives sufficient instructions regarding the exercise of their defined tasks.

Correct answer: B

Explanation

The correct answer is B because GDPR mandates that data controllers and processors must provide the necessary resources to ensure the DPO can effectively perform their role and maintain their expertise. Options A, C, and D are incorrect as they do not reflect the specific obligation of resource provision as outlined in the regulation.