ExpertMinds LogoExpertMinds
Hard1 markMultiple Choice
Area II: SecurityGDPRRolesArea II

CPA · Question 59 · Area II: Security

Under GDPR, which role determines the 'purposes and means' of processing personal data?

Answer options:

A.

Data Processor

B.

Data Controller

C.

Data Subject

D.

Data Protection Officer

How to approach this question

Controller = Boss (Decides). Processor = Worker (Does).

Full Answer

B.Data Controller✓ Correct
The Data Controller is the entity that determines the purposes and means of the processing of personal data. The Processor acts on the Controller's instructions.

Common mistakes

Confusing Controller and Processor.
58All questions60

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...HardQ02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...HardQ03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...HardQ04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...HardQ05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard
View all 82 questions →