OneTrust Certified Privacy Professional Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Study for the OneTrust Certified Privacy Professional Exam. Get ready with flashcards, multiple choice questions, hints, and explanations. Achieve success!

Start Multiple Choice Practice Test
Start Flash Cards

Practice this question and more.

What action must organizations take when they experience a data breach under GDPR?

  1. Immediately inform the media

  2. Notify the affected individuals only

  3. Notify the supervisory authority within 72 hours

  4. Do nothing if the breach is minor

The correct answer is: Notify the supervisory authority within 72 hours

Under the General Data Protection Regulation (GDPR), when an organization experiences a data breach, it is required to notify the relevant supervisory authority within 72 hours of becoming aware of the breach. This requirement emphasizes the accountability and transparency that organizations must uphold regarding personal data handling. Timely reporting allows the supervisory authority to assess the breach's severity and scope, enabling a coordinated response to protect individuals' data rights and mitigate potential risks. The 72-hour timeframe is critical because it ensures that the situation can be managed promptly, minimizing harm to affected individuals and preserving the integrity of the data protection system. While notifying affected individuals is also necessary, this notification is not as immediate as the reporting to supervisory authorities, which is the primary obligation under GDPR. The guidelines stipulate that even if a breach may seem minor, organizations should not disregard their responsibilities if there is a likelihood of risk to individuals' rights and freedoms. Hence, this structured approach to breach notification reflects GDPR's overarching goal of protecting personal data effectively.

More Questions Like This