Which of the following is a primary responsibility of the 'Data Controller' under GDPR?

Answer options:

Determining the purposes and means of processing personal data.

Processing data only on behalf of the Controller.

Ensuring data is stored only in the US.

Encrypting all public web traffic.

How to approach this question

Differentiate Controller (Boss) vs Processor (Worker).

Full Answer

A.Determining the purposes and means of processing personal data.✓ Correct

Under GDPR, the Data Controller is the entity that determines the purposes and means of the processing of personal data. The Data Processor processes data on behalf of the Controller.

Common mistakes

Confusing Controller and Processor roles.

Question 20 All questions Question 22

Practice the full CPA ISC Practice Exam 3

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...Medium Q02During a review of a client's cloud governance structure, an auditor notes that the client uses a...Medium Q03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...Hard Q04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...Hard Q05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium

View all 82 questions →