ExpertHard1 markMultiple Choice
CPA · Question 77 · Area II: Security
An auditor is reviewing the 'Data Retention Policy'. The policy states that customer data is deleted after 7 years. However, the auditor finds backups containing 10-year-old data. This is a violation of which GDPR principle?
An auditor is reviewing the 'Data Retention Policy'. The policy states that customer data is deleted after 7 years. However, the auditor finds backups containing 10-year-old data. This is a violation of which GDPR principle?
Answer options:
A.
Accuracy
B.
Storage Limitation
C.
Integrity and Confidentiality
D.
Lawfulness
How to approach this question
Keeping data too long = Storage Limitation violation.
Full Answer
B.Storage Limitation✓ Correct
Storage Limitation
The Storage Limitation principle states that personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Common mistakes
Forgetting that backups are also subject to retention rules.
Practice the full CPA ISC Practice Exam 4
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...HardQ02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...HardQ03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...HardQ04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...HardQ05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard