OneTrust Certified Privacy Professional Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Study for the OneTrust Certified Privacy Professional Exam. Get ready with flashcards, multiple choice questions, hints, and explanations. Achieve success!

Start Multiple Choice Practice Test
Start Flash Cards

Practice this question and more.

Which of the following practices is NOT compliant with GDPR?

  1. Training employees on data protection regulations

  2. Collecting data without user consent

  3. Implementing robust security measures for data

  4. Providing individuals with access to their personal data

The correct answer is: Collecting data without user consent

The practice of collecting data without user consent is not compliant with the General Data Protection Regulation (GDPR). Under GDPR, one of the core principles is obtaining explicit consent from individuals before collecting and processing their personal data. This requirement applies to most types of personal data and is critical in ensuring that individuals have control over their information and can make informed decisions regarding its use. Without consent, data subjects have not agreed to the data collection, which violates their privacy rights as established by GDPR. Consent must be freely given, specific, informed, and unambiguous, and simply bypassing this requirement undermines the very foundation of the regulation. The other practices mentioned—training employees on data protection regulations, implementing robust security measures for data, and providing individuals with access to their personal data—are aligned with GDPR compliance. Training ensures that employees understand their responsibilities regarding data protection, security measures are essential for protecting personal data from breaches, and providing access is a fundamental right under GDPR that allows individuals to verify the data being held about them and how it is being used.

More Questions Like This