Medium · 1 mark · Multiple Choice
CPA · Question 17 · Area II: Security
Under the General Data Protection Regulation (GDPR), a 'Data Controller' is defined as:
Answer options:
A. The entity that processes personal data on behalf of another entity.
B. The supervisory authority responsible for enforcing the regulation.
C. The entity that determines the purposes and means of the processing of personal data.
D. The individual to whom the personal data relates.
How to approach this question
Distinguish between Controller (Boss) and Processor (Worker). Controller decides 'Why' and 'How'.
Full Answer
C. The entity that determines the purposes and means of the processing of personal data. ✓ Correct
GDPR Article 4 defines the Controller as the natural or legal person who determines the purposes and means of the processing of personal data.
Common mistakes
Confusing Controller and Processor.