Certified Information Privacy Professional – Europe (CIPP/E) — Question 36

If a company is planning to use closed-circuit television (CCTV) on its premises and is concerned with GDPR compliance, it should first do all of the following EXCEPT?

Answer options

• A. Notify the appropriate data protection authority.
• B. Perform a data protection impact assessment (DPIA).
• C. Create an information retention policy for those who operate the system.
• D. Ensure that safeguards are in place to prevent unauthorized access to the footage.

Correct answer: A

Explanation

The correct answer is A because notifying the data protection authority is not a mandatory requirement before implementing CCTV under GDPR. Options B, C, and D are essential steps to ensure compliance, as they involve assessing risks, establishing policies, and protecting data integrity.