OneTrust Certified Privacy Professional Practice Exam

What is the purpose of the GDPR principle of "Integrity and Confidentiality"?

• A. To allow data to be easily shared among third parties
• B. To ensure personal data is processed securely to protect against unauthorized access or destruction
• C. To maintain complete transparency in data processing
• D. To ensure that all data collected is deleted within a year

The correct answer is: To ensure personal data is processed securely to protect against unauthorized access or destruction

The principle of "Integrity and Confidentiality" under the General Data Protection Regulation (GDPR) is fundamentally concerned with ensuring that personal data is processed securely, protecting it against unauthorized access, loss, or destruction. This principle emphasizes the need for appropriate technical and organizational measures to safeguard data, reducing risks and ensuring that individuals' rights are respected. The focus here is on data security, meaning that organizations handling personal data must deploy measures that ensure the data remains intact and confidential. This includes implementing security protocols, such as encryption and access controls, to prevent unauthorized access and ensuring that data is not inadvertently altered or destroyed. While other options touch on various aspects of data processing and protection, they do not adequately capture the essence of the "Integrity and Confidentiality" principle. For example, sharing data among third parties does not align with this principle unless done securely and transparently. Similarly, transparency in data processing relates more to the openness and communication regarding how personal data is used, rather than its secure processing. Lastly, the requirement for data deletion within a specified timeframe is not a direct reflection of the integrity and confidentiality principle, but rather relates to data retention policies.