OneTrust Certified Privacy Professional Practice Exam

Prepare for the OneTrust Certified Privacy Professional Exam with detailed questions and explanations. Utilize flashcards and comprehensive MCQs to ensure you're ready to excel in your certification journey.

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What should a data controller do upon receiving a data erasure request?

  1. Ignore the request

  2. Erase the data unless there is a legitimate reason to retain it

  3. Notify the authorities

  4. Provide data to the requester

The correct answer is: Erase the data unless there is a legitimate reason to retain it

Upon receiving a data erasure request, a data controller should erase the data unless there is a legitimate reason to retain it. This practice is grounded in privacy regulations like the General Data Protection Regulation (GDPR), which grants individuals the right to request the deletion of their personal data under certain circumstances.

When a data controller receives such a request, they must first assess whether the data in question meets the criteria for erasure. This includes evaluating whether the personal data is no longer necessary for the purposes for which it was collected, whether the individual has withdrawn the consent on which the processing is based, or whether the data has been unlawfully processed.

If a legitimate reason exists, such as compliance with a legal obligation to retain the data or the need to establish, exercise, or defend legal claims, then the data controller has the right to retain the data. Thus, the focus is on addressing the request appropriately by evaluating its validity and ensuring compliance with relevant legal obligations while respecting the rights of individuals.