Which of the following Convention 108+ principles, as amended in 2018, is NOT consistent with a principle found in the GDPR?
Which of the following Convention 108+ principles, as amended in 2018, is NOT consistent with a principle found in the GDPR?
A. The obligation of companies to declare data breaches.
B. The requirement to demonstrate compliance to a supervisory authority.
C. The necessity of the bulk collection of personal data by the government.
Answer: C
Explanation:
Convention 108+ (the modernized version of Convention 108) is the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. Both Convention 108+ and the GDPR aim to enhance personal data protection, but they might not mirror each other in all provisions.
A. Both Convention 108+ and the GDPR address the need for companies to declare data breaches. Under the GDPR, it is clearly defined in Articles 33 and 34 that data controllers must notify supervisory authorities of data breaches and, in certain situations, the affected individuals.
B. Demonstrating compliance to a supervisory authority is also a feature of both instruments. In the GDPR, this is captured under the accountability principle, and organizations might need to demonstrate their compliance through various mechanisms such as records of processing activities or data protection impact assessments.
C. The bulk collection of personal data by governments is a contentious issue. While the GDPR provides for data processing for reasons of public interest, it doesn’t inherently sanction "bulk" or mass collection without due justification, necessity, and proportionality. Convention 108+ doesn ’ t inherently endorse the bulk collection of personal data by governments either. The principle that stands out in inconsistency with the GDPR, among the given options, is the one related to bulk collection.
Latest CIPP-E Dumps Valid Version with 157 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund