Medium · 1 mark · Multiple Choice
CPA · Question 36 · Area II: Security
A company is subject to GDPR. A data breach occurs involving unencrypted personal data of 5,000 customers. Within what timeframe must the company generally notify the supervisory authority?
Answer options:
A. 24 hours
B. 48 hours
C. 72 hours
D. 30 days
How to approach this question
Recall the specific GDPR breach notification deadline.
Full Answer
C. 72 hours ✓ Correct
GDPR mandates a 72-hour notification window for breaches likely to result in a risk to rights and freedoms.
Common mistakes
Confusing breach notification (72h) with SAR response (1 month).
Practice the full CPA ISC Practice Exam 2
82 questions · hints · full answers · grading