BCS Exam PDP9 Topic 5 Question 20 Discussion

Actual exam question for BCS's PDP9 exam

Question #: 20
Topic #: 5

[All PDP9 Questions]

When does a personal data breach need to be reported to a supervisory authority?

AAll personal data breaches must be reported to a supervisory authority

BOnly where a disclosure is of special category data

CWhere the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.

DWhen the controller's right of freedom of expression outweighs the data subject's right to a private home and family life.

Show Suggested Answer

Suggested Answer: A

The definitions of ''public authority'' and ''public body'' for the purposes of the UK GDPR and the Data Protection Act 2018 are found in the Freedom of Information Act 2000 and the Data Protection Act 2018 respectively. Section 7 of the Data Protection Act 2018 provides that a public authority or a public body is one that is listed in Schedule 1 to the Freedom of Information Act 2000, or is designated by an order under section 5 of that Act. However, a court or tribunal acting in its judicial capacity is not considered a public authority or a public body under the Data Protection Act 2018.Reference:

Section 7 of the Data Protection Act 20181

Schedule 1 to the Freedom of Information Act 2000

by Carman at Jul 15, 2024, 11:20 AM

Limited Time Offer

25%

Off

Get Premium PDP9 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Sharan

2 hours ago

But what about special category data? Shouldn't those be reported too?

upvoted 0 times

...

Cordelia

4 days ago

C is the correct answer. The GDPR requires personal data breaches to be reported to the supervisory authority when they are likely to result in a risk to the rights and freedoms of individuals.

upvoted 0 times

...

Casandra

6 days ago

I agree with Michael, reporting a breach that poses a risk to people's rights is crucial for their protection.

upvoted 0 times

...

Michael

14 days ago

I think a personal data breach needs to be reported when it is likely to result in a risk to the rights and freedoms of natural persons.

upvoted 0 times

...