Certified Information Privacy Professional – Europe (CIPP/E) — Question 132

When collecting personal data in a European Union (EU) member state, what must a company do if it collects personal data from a source other than the data subjects themselves?

Answer options

• A. Inform the subjects about the collection
• B. Provide a public notice regarding the data
• C. Upgrade security to match that of the source
• D. Update the data within a reasonable timeframe

Correct answer: A

Explanation

The correct answer is A because the General Data Protection Regulation (GDPR) mandates that individuals must be informed when their personal data is collected from third parties. Options B, C, and D do not satisfy the legal requirement to inform the data subjects about the collection, which is the primary obligation under GDPR.