Which of the following does NOT have to be included in the records most processors must maintain in relation to their data processing activities?
Which of the following does NOT have to be included in the records most processors must maintain in relation to their data processing activities?
A . Name and contact details of each controller on behalf of which the processor is acting.
B . Categories of processing carried out on behalf of each controller for which the processor is acting.
C . Details of transfers of personal data to a third country carried out on behalf of each controller for which the processor is acting.
D . Details of any data protection impact assessment conducted in relation to any processing activities carried out by the processor on behalf of each controller for which the processor is acting.
Answer: D
Explanation:
While processors are required to maintain records of their processing activities, details of any data protection impact assessment (DPIA) are the responsibility of the controller, not the processor. The GDPR does not mandate that processors include details of DPIAs in their records of processing activities.
Latest CIPP-E Dumps Valid Version with 157 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund