Certified Information Privacy Professional – Europe (CIPP/E) — Question 6

Which of the following describes a mandatory requirement for a group of undertakings that wants to appoint a single data protection officer?

Answer options

• A. The group of undertakings must obtain approval from a supervisory authority.
• B. The group of undertakings must be comprised of organizations of similar sizes and functions.
• C. The data protection officer must be located in the country where the data controller has its main establishment.
• D. The data protection officer must be easily accessible from each establishment where the undertakings are located.

Correct answer: D

Explanation

The correct answer, D, is essential because the data protection officer needs to be reachable by all entities within the group to ensure compliance with data protection regulations. Option A is incorrect as no prior approval from a supervisory authority is required for the appointment. Option B is not a requirement; groups can consist of organizations of varying sizes and functions. Option C is also incorrect since the location of the data protection officer does not have to be where the main establishment is located, as long as they are accessible.