ExpertMedium1 markMultiple Choice
CPA · Question 06 · Area II: Security
Under GDPR, which principle requires that personal data be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed?
Under GDPR, which principle requires that personal data be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed?
Answer options:
A.
Purpose Limitation
B.
Data Minimization
C.
Storage Limitation
D.
Accuracy
How to approach this question
Match the definition 'limited to what is necessary' to the principle name.
Full Answer
B.Data Minimization✓ Correct
Article 5 of GDPR outlines the principles. Data Minimization requires that data collected is limited to what is necessary for the intended purpose.
Common mistakes
Confusing Purpose Limitation (why you collect it) with Data Minimization (how much you collect).
Practice the full CPA ISC Practice Exam 2
82 questions · hints · full answers · grading
More questions from this exam
Q01A service organization provides a cloud-based payroll platform where clients access the software ...MediumQ02An auditor is reviewing the backup strategy for a financial institution that requires a Recovery ...HardQ03During a walkthrough of the change management process, an auditor observes that developers have w...MediumQ04An auditor is reviewing a SQL query used to generate a list of active customers for a marketing c...HardQ05Which of the following entities is considered a 'Covered Entity' under the HIPAA Privacy Rule?Medium