Free IAPP CIPP-E Actual Exam Questions - Question 12 Discussion

Question No. 12
After detecting an intrusion involving the theft of unencrypted personal data, who shall the breached
company notify first under GDPR requirements?
Arjun G.
2026-02-14

C, it’s the supervisory authority that GDPR specifically mandates notifying first.

0
Andrew X.
2026-01-25

Guessing C here as well, because the GDPR sets a strict 72-hour deadline to alert the supervisory authority first. Notifying customers or parents seems to come after the authority’s involvement.

0
Sohail H.
2026-01-24

Good point on C since GDPR rules say you must notify the supervisory authority within 72 hours before telling anyone else. So C sounds right here.

0
Sohail H.
2026-01-22

Makes sense to me that it’s C. The GDPR clearly prioritizes notifying the supervisory authority first to coordinate the response. Notifying individuals or law enforcement comes after they get involved and assess the situation. So no matter how urgent, the company’s gotta report to the authority before anything else.

0
Michael M.
2026-01-20

Probably C. The law really emphasizes informing the supervisory authority first to manage the response centrally before notifying anyone else. Law enforcement or individuals come later if needed.

0
Michael M.
2026-01-19

D imo since contacting law enforcement depends on the breach type, not always first.

0
Paul Z.
2026-01-18

Maybe C because the main GDPR focus is on keeping the authorities informed quickly so they can oversee the response. Telling customers or parents comes after the authority’s been alerted.

0
Paul Z.
2026-01-17

It’s C because the GDPR mandates reporting to the supervisory authority promptly; notifying affected individuals or others only happens after assessing the breach’s impact. Law enforcement isn’t the first step here.

0
Haris C.
2026-01-15

Probably C, since GDPR requires notifying the supervisory authority first.

0