A company is planning to process personal data. The recently appointed data protection officer (DPO) executes a data protection impact assessment (DPIA). The DPO finds that all computers have a setting causing monitors to show a screen saver after five seconds of inaction.
However, the computers are not locked automatically. When employees leave their desk, they usually do not lock their computers either.
What is this an example of?
A . Security incident
B . Personal data breach
C . Security vulnerability
D . Data access
Answer: C
Explanation:
Data access. Incorrect. The data have not been accessed.
Personal data breach. Incorrect. No personal data has been processed unauthorized yet, so it is not a breach.
Security incident. Incorrect. Processing has yet to begin, there is no reason to assume an incident has taken place.
Security vulnerability. Correct. Confidentiality of the data cannot be guaranteed if employees leave their workstation without locking the computer. (Literature: A, Chapter 2; GDPR Article 5(1)(f))
Latest PDPF Dumps Valid Version with 149 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund