Certified Information Privacy Professional – Europe (CIPP/E) — Question 189

When assessing the level of risk created by a data breach, which of the following would NOT have to be taken into consideration?

Answer options

• A. The ease of identification of individuals.
• B. The size of any data processor involved.
• C. The special characteristics of the data controller.
• D. The nature, sensitivity and volume of personal data.

Correct answer: B

Explanation

The correct answer is B because the size of the data processor does not directly impact the risk level of a data breach. In contrast, the ease of identifying individuals, the characteristics of the data controller, and the nature and volume of personal data are all critical factors that influence the overall risk assessment.