BCS Exam PDP9 Topic 5 Question 20 Discussion

Actual exam question for BCS's PDP9 exam

Question #: 20
Topic #: 5

[All PDP9 Questions]

When does a personal data breach need to be reported to a supervisory authority?

AAll personal data breaches must be reported to a supervisory authority

BOnly where a disclosure is of special category data

CWhere the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.

DWhen the controller's right of freedom of expression outweighs the data subject's right to a private home and family life.

Show Suggested Answer

Suggested Answer: A

The definitions of ''public authority'' and ''public body'' for the purposes of the UK GDPR and the Data Protection Act 2018 are found in the Freedom of Information Act 2000 and the Data Protection Act 2018 respectively. Section 7 of the Data Protection Act 2018 provides that a public authority or a public body is one that is listed in Schedule 1 to the Freedom of Information Act 2000, or is designated by an order under section 5 of that Act. However, a court or tribunal acting in its judicial capacity is not considered a public authority or a public body under the Data Protection Act 2018.Reference:

Section 7 of the Data Protection Act 20181

Schedule 1 to the Freedom of Information Act 2000

by Carman at Jul 15, 2024, 11:20 AM

Limited Time Offer

25%

Off

Get Premium PDP9 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Chauncey

26 days ago

I bet the right answer is hidden in the fine print, like 'unless the breach involves a cat video with over 1 million views.'

upvoted 0 times

Twanna

15 days ago

A) All personal data breaches must be reported to a supervisory authority

upvoted 0 times

...

Vincenza

1 months ago

B is way too narrow. Special category data is just one type of data that needs to be reported.

upvoted 0 times

Willodean

3 days ago

C) Where the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.

upvoted 0 times

...

Rosann

23 days ago

A) All personal data breaches must be reported to a supervisory authority

upvoted 0 times

...

Kattie

1 months ago

D is just nonsense. Freedom of expression has nothing to do with reporting a data breach!

upvoted 0 times

Amie

20 days ago

A) All personal data breaches must be reported to a supervisory authority

upvoted 0 times

...

Nickole

1 months ago

I think A is a bit too broad. Not all breaches need to be reported, just the ones that pose a risk.

upvoted 0 times

...

Sharan

2 months ago

But what about special category data? Shouldn't those be reported too?

upvoted 0 times

...

Cordelia

2 months ago

C is the correct answer. The GDPR requires personal data breaches to be reported to the supervisory authority when they are likely to result in a risk to the rights and freedoms of individuals.

upvoted 0 times

Chi

18 days ago

That makes sense. It's important to protect people's rights and privacy.

upvoted 0 times

...

Arlette

21 days ago

C is the correct answer. The GDPR requires personal data breaches to be reported to the supervisory authority when they are likely to result in a risk to the rights and freedoms of individuals.

upvoted 0 times

...

Casandra

2 months ago

I agree with Michael, reporting a breach that poses a risk to people's rights is crucial for their protection.

upvoted 0 times

...

Michael

2 months ago

I think a personal data breach needs to be reported when it is likely to result in a risk to the rights and freedoms of natural persons.

upvoted 0 times

...