Certified Information Privacy Professional – Europe (CIPP/E) — Question 104
You are the new Data Protection Officer for your company and have to determine whether the company has implemented appropriate technical and organizational measures as required by Article 32 of the GDPR. Which of the following would be the most important to consider when trying to determine this?
Answer options
- A. How security measures might evolve in the future.
- B. Which security measures are endorsed by a majority of experts.
- C. How the public perceives what constitutes adequate security measures.
- D. Which kinds of security measures your company has employed in the past.
Correct answer: B
Explanation
The correct answer is B because relying on measures that are widely endorsed by experts ensures that the company is aligned with best practices in the field. Option A is less relevant because future evolution doesn't address current compliance needs, while Option C focuses on public perception, which may not reflect actual security effectiveness. Option D considers past measures, which may not be applicable or sufficient for current compliance requirements.