Certified Information Privacy Professional – Europe (CIPP/E) — Question 172

There are three domains of security covered by Article 32 of the GDPR that apply to both the controller and the processor. These include all of the following EXCEPT?

Answer options

• A. Consent management and withdrawal.
• B. Incident detection and response.
• C. Preventative security.
• D. Remedial security.

Correct answer: A

Explanation

The correct answer is A because consent management and withdrawal are not considered domains of security under Article 32 of the GDPR. The other options, B, C, and D, directly relate to security measures that must be implemented to protect personal data.