OneTrust Certified Privacy Professional Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Study for the OneTrust Certified Privacy Professional Exam. Get ready with flashcards, multiple choice questions, hints, and explanations. Achieve success!

Start Multiple Choice Practice Test
Start Flash Cards

Practice this question and more.

What should a data controller do upon receiving a data erasure request?

  1. Ignore the request

  2. Erase the data unless there is a legitimate reason to retain it

  3. Notify the authorities

  4. Provide data to the requester

The correct answer is: Erase the data unless there is a legitimate reason to retain it

The appropriate action for a data controller upon receiving a data erasure request is to erase the data unless there is a legitimate reason to retain it. This practice is grounded in privacy regulations like the General Data Protection Regulation (GDPR), which grants individuals the right to request the deletion of their personal data under certain circumstances. When a data controller receives such a request, they must first assess whether the data in question falls under the criteria for erasure. This includes evaluating whether the personal data is no longer necessary for the purposes for which it was collected, if the individual has withdrawn their consent on which the processing is based, or if the data has been unlawfully processed. If a legitimate reason exists—such as compliance with a legal obligation to retain the data or the need to establish, exercise, or defend legal claims—then the data controller has the right to retain the data. Thus, the focus is on addressing the request appropriately by evaluating its validity and ensuring compliance with relevant legal obligations while respecting the rights of individuals.

More Questions Like This