OneTrust Certified Privacy Professional Practice Exam

The assertion that individuals have the right to access and request deletion of their data accurately reflects the principles established under the General Data Protection Regulation (GDPR). GDPR empowers individuals with various rights concerning their personal data, including the right to access their data as well as the right to request its deletion, also known as the "right to be forgotten." This regulation is designed to enhance individuals' control over their personal information and ensure that they can manage their data privacy effectively.

Under the GDPR, individuals can make a request to access their personal data held by organizations and receive confirmation of whether their data is being processed, along with details about the purpose of the processing. Furthermore, individuals can request that their data be deleted under certain conditions, such as when the data is no longer necessary for the purposes for which it was collected, or if consent is withdrawn.

Options that suggest individuals have no rights over their data or limited rights compared to businesses do not align with the spirit of GDPR, which fundamentally aims to protect the rights of individuals. Similarly, the notion that individuals must pay to access their data contradicts GDPR principles, as individuals have the right to obtain this information free of charge, with certain exceptions in place.