OneTrust Certified Privacy Professional Practice Exam

The practice of collecting data without user consent is not compliant with the General Data Protection Regulation (GDPR). Under GDPR, one of the core principles is obtaining explicit consent from individuals before collecting and processing their personal data. This requirement applies to most types of personal data and is critical in ensuring that individuals have control over their information and can make informed decisions regarding its use. Without consent, data subjects have not agreed to the data collection, which violates their privacy rights as established by GDPR. Consent must be freely given, specific, informed, and unambiguous, and simply bypassing this requirement undermines the very foundation of the regulation.

The other practices mentioned—training employees on data protection regulations, implementing robust security measures for data, and providing individuals with access to their personal data—are aligned with GDPR compliance. Training ensures that employees understand their responsibilities regarding data protection, security measures are essential for protecting personal data from breaches, and providing access is a fundamental right under GDPR that allows individuals to verify the data being held about them and how it is being used.