OneTrust Certified Privacy Professional Practice Exam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the OneTrust Certified Privacy Professional Exam with detailed questions and explanations. Utilize flashcards and comprehensive MCQs to ensure you're ready to excel in your certification journey.

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

What action must organizations take when they experience a data breach under GDPR?

Immediately inform the media
Notify the affected individuals only
Notify the supervisory authority within 72 hours
Do nothing if the breach is minor

The correct answer is: Notify the supervisory authority within 72 hours

Under the General Data Protection Regulation (GDPR), when an organization experiences a data breach, it is required to notify the relevant supervisory authority within 72 hours of becoming aware of the breach. This requirement emphasizes the accountability and transparency that organizations must uphold regarding personal data handling. Timely reporting allows the supervisory authority to assess the breach's severity and scope, enabling a coordinated response to protect individuals' data rights and mitigate potential risks. The 72-hour timeframe is critical because it ensures that the situation can be managed promptly, minimizing harm to affected individuals and preserving the integrity of the data protection system. While notifying affected individuals is also necessary, this notification is not as immediate as the reporting to supervisory authorities, which is the primary obligation under GDPR. The guidelines stipulate that even if a breach may seem minor, organizations should not disregard their responsibilities if there is a likelihood of risk to individuals' rights and freedoms. Hence, this structured approach to breach notification reflects GDPR's overarching goal of protecting personal data effectively.