ExpertEasy1 markMultiple Choice
CPA · Question 21 · Area II: Security
Which of the following is a primary responsibility of the 'Data Controller' under GDPR?
Which of the following is a primary responsibility of the 'Data Controller' under GDPR?
Answer options:
A.
Determining the purposes and means of processing personal data.
B.
Processing data only on behalf of the Controller.
C.
Ensuring data is stored only in the US.
D.
Encrypting all public web traffic.
How to approach this question
Differentiate Controller (Boss) vs Processor (Worker).
Full Answer
A.Determining the purposes and means of processing personal data.✓ Correct
Under GDPR, the Data Controller is the entity that determines the purposes and means of the processing of personal data. The Data Processor processes data on behalf of the Controller.
Common mistakes
Confusing Controller and Processor roles.
Practice the full CPA ISC Practice Exam 3
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...MediumQ02During a review of a client's cloud governance structure, an auditor notes that the client uses a...MediumQ03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...HardQ04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...HardQ05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium