Certified Information Privacy Professional – Europe (CIPP/E) — Question 214

A company plans to transfer employee health information between two of its entities in France. To maintain the security of the processing, what would be the most important security measure to apply to the health data transmission?

Answer options

• A. Inform the data subject of the security measures in place.
• B. Ensure that the receiving entity has signed a data processing agreement.
• C. Encrypt the transferred data in transit and at rest.
• D. Conduct a data protection impact assessment.

Correct answer: C

Explanation

Encrypting the transferred data in transit and at rest is essential to protect sensitive health information from unauthorized access. While informing the data subject and having a data processing agreement are important, they do not provide the same level of security as encryption. Conducting a data protection impact assessment is a good practice, but it is not a direct security measure for the data transmission itself.