Certified Information Privacy Professional – Europe (CIPP/E) — Question 282

In the event of a data breach, which type of information are data controllers NOT required to provide to either the supervisory authorities or the data subjects?

Answer options

• A. The predicted consequences of the breach.
• B. The measures being taken to address the breach.
• C. The type of security safeguards used to protect the data.
• D. The contact details of the appropriate data protection officer.

Correct answer: C

Explanation

The correct answer is C, as data controllers are not mandated to disclose the specific type of security safeguards used. However, they are required to inform about the predicted consequences of the breach (A), the measures being taken to address it (B), and the contact details of the data protection officer (D).