Certified Information Privacy Professional – Europe (CIPP/E) — Question 41

Which GDPR requirement will present the most significant challenges for organizations with Bring Your Own Device (BYOD) programs?

Answer options

• A. Data subjects must be sufficiently informed of the purposes for which their personal data is processed.
• B. Processing of special categories of personal data on a large scale requires appointing a DPO.
• C. Personal data of data subjects must always be accurate and kept up to date.
• D. Data controllers must be in control of the data they hold at all times.

Correct answer: D

Explanation

The correct answer is D because organizations with BYOD programs often struggle to maintain full control over personal data due to the decentralized nature of devices. Options A, B, and C, while important, do not inherently create the same level of challenge regarding data control as required by GDPR.