Certified Information Privacy Professional – Europe (CIPP/E) — Question 140

What obligation does a data controller or processor have after appointing a data protection officer?

Answer options

• A. To ensure that the data protection officer receives sufficient instructions regarding the exercise of his or her defined tasks.
• B. To provide resources necessary to carry out the defined tasks of the data protection officer and to maintain his or her expert knowledge.
• C. To ensure that the data protection officer acts as the sole point of contact for individuals’ questions about their personal data.
• D. To submit for approval to the data protection officer a code of conduct to govern organizational practices and demonstrate compliance with data protection principles.

Correct answer: B

Explanation

The correct answer is B because it emphasizes the need for adequate resources and ongoing expert knowledge for the data protection officer to effectively fulfill their role. Option A, while important, does not capture the necessity of resources and expertise. Option C misrepresents the data protection officer's role as the only contact point, which is not their sole function. Option D incorrectly suggests that the code of conduct must be submitted for approval, which is not a requirement.