Certified Information Privacy Professional – Europe (CIPP/E) — Question 170

What must be included in a written agreement between the controller and processor in relation to processing conducted on the controller’s behalf?

Answer options

• A. An obligation on the processor to report any personal data breach to the controller within 72 hours.
• B. An obligation on both parties to report any serious personal data breach to the supervisory authority.
• C. An obligation on both parties to agree to a termination of the agreement if the other party is responsible for a personal data breach.
• D. An obligation on the processor to assist the controller in complying with the controller’s obligations to notify the supervisory authority about personal data breaches.

Correct answer: D

Explanation

The correct answer is D because the processor must assist the controller in fulfilling its legal obligations regarding the notification of personal data breaches to the supervisory authority. Options A, B, and C, while important, do not specifically pertain to the processor's obligation to assist the controller in compliance matters.