27 Oct - Practice Test Question: General Data Protection Regulation
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Under GDPR, which one of the following statements about Data Protection Officers (DPOs) is incorrect?
A. DPOs must be appointed based upon professional qualities and expert knowledge
B. Regulatory bodies must be informed of the name and contact information for the DPO
C. DPOs must be employees of the organization
D. Organizations may not provide instructions to the DPO on performing their tasks under GDPR Article 39
Correct Answer: C
Let’s walk through these and eliminate the statements that we know are correct about the GDPR.
First, it is true that data protection officers, or DPOs, must be appointed based upon their professional expertise. DPOs must be well-qualified for their positions, so we can eliminate that answer.
Next, once an organization appoints a DPO, it must notify regulators of the appointment and provide contact information so that the regulators may contact the DPO. We can eliminate that answer as well.
Finally, organizations must provide the DPO with autonomy to perform their work under GDPR Article 39, so we’ll eliminate that answer.
Organizations are allowed to designate a contractor or service provider as an external DPO if they wish to do so. That makes the statement that DPOs must be employees of the organization the incorrect statement and our correct answer.