Under what circumstance must a data controller notify a data breach to the CNIL?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the Business Admin Knowledge Level 3 Test. Utilize interactive quizzes with multiple choice questions, each equipped with hints and detailed explanations. Prepare thoroughly for your certification!

Multiple Choice

Under what circumstance must a data controller notify a data breach to the CNIL?

Explanation:
The correct answer is that a data controller must notify a data breach to the CNIL only under certain conditions. Under the General Data Protection Regulation (GDPR), a data controller is required to report a personal data breach to the relevant supervisory authority (such as CNIL in France) when it is likely to result in a risk to the rights and freedoms of individuals. This notification must occur without undue delay and, where feasible, within 72 hours after the controller becomes aware of the breach. However, if the breach is unlikely to pose any risk to the individuals affected, the data controller is not obliged to notify the CNIL. This nuanced requirement ensures that data controllers focus on significant breaches that could impact personal data privacy while allowing flexibility for lower-risk incidents that do not necessitate regulatory involvement.

The correct answer is that a data controller must notify a data breach to the CNIL only under certain conditions. Under the General Data Protection Regulation (GDPR), a data controller is required to report a personal data breach to the relevant supervisory authority (such as CNIL in France) when it is likely to result in a risk to the rights and freedoms of individuals.

This notification must occur without undue delay and, where feasible, within 72 hours after the controller becomes aware of the breach. However, if the breach is unlikely to pose any risk to the individuals affected, the data controller is not obliged to notify the CNIL.

This nuanced requirement ensures that data controllers focus on significant breaches that could impact personal data privacy while allowing flexibility for lower-risk incidents that do not necessitate regulatory involvement.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy