Certified Information Privacy Technologist (CIPT) — Question 279

An organization is using new technologies that will target and process personal data of EU customers. In which of the following circumstances would a privacy technologist need to support a data protection impact assessment (DPIA)?

Answer options

• A. If there is surveillance of a private space
• B. If a large amount of personal data will be collected.
• C. If security of data processing has not been evaluated
• D. If data processing is a high risk to an individual's rights and freedoms.

Correct answer: D

Explanation

A data protection impact assessment (DPIA) is necessary when data processing is likely to result in a high risk to individuals' rights and freedoms, which is why option D is correct. Options A, B, and C may indicate situations that require consideration but do not independently trigger the need for a DPIA.