BCS Exam PDP9 Topic 5 Question 20 Discussion

Actual exam question for BCS's PDP9 exam

Question #: 20
Topic #: 5

[All PDP9 Questions]

When does a personal data breach need to be reported to a supervisory authority?

AAll personal data breaches must be reported to a supervisory authority

BOnly where a disclosure is of special category data

CWhere the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.

DWhen the controller's right of freedom of expression outweighs the data subject's right to a private home and family life.

Show Suggested Answer

Suggested Answer: A

The definitions of ''public authority'' and ''public body'' for the purposes of the UK GDPR and the Data Protection Act 2018 are found in the Freedom of Information Act 2000 and the Data Protection Act 2018 respectively. Section 7 of the Data Protection Act 2018 provides that a public authority or a public body is one that is listed in Schedule 1 to the Freedom of Information Act 2000, or is designated by an order under section 5 of that Act. However, a court or tribunal acting in its judicial capacity is not considered a public authority or a public body under the Data Protection Act 2018.Reference:

Section 7 of the Data Protection Act 20181

Schedule 1 to the Freedom of Information Act 2000

by Carman at Jul 15, 2024, 12:20 PM

Limited Time Offer

25%

Off

Get Premium PDP9 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Arlie

2 days ago

I think A is too broad. Not all breaches need reporting.

upvoted 0 times

...

Lavonda

8 days ago

C is correct! Only report if there's a risk to rights and freedoms.

upvoted 0 times

...

Harley

14 days ago

I don't think the controller's freedom of expression is relevant here. It seems more about the potential harm to individuals, which makes me lean towards option C.

upvoted 0 times

...

Penney

19 days ago

I feel like all breaches should be reported, but I think there are specific criteria that determine when it's mandatory. Wasn't there something about special category data too?

upvoted 0 times

...

Theola

24 days ago

I remember practicing a question similar to this, and I believe it was about assessing the impact of the breach on data subjects. That might relate to option C.

upvoted 0 times

...

Valentin

1 month ago

I think a breach needs to be reported when it poses a risk to individuals' rights and freedoms, but I'm not entirely sure if that's the only condition.

upvoted 0 times

...

Karl

1 month ago

This is a tricky one. I'm not totally sure, but I think the correct answer is C. I'll double-check the information, but that's my best guess for now.

upvoted 0 times

...

Laurel

1 month ago

Okay, let me think this through. The key seems to be whether the breach poses a risk to people's rights and freedoms. I'll focus on that when deciding which answer to choose.

upvoted 0 times

...

Dolores

1 month ago

Hmm, I'm a bit confused on this one. Do we have to report all personal data breaches, or just the ones involving special category data? I'll need to review the details again.

upvoted 0 times

...

Penney

1 month ago

I think I know the answer to this one. It's option C - where the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.

upvoted 0 times

...

Gilberto

1 month ago

I'm a little unsure on this one. My first instinct was to say the btool.log file, since that's where Splunk logs information about the configuration files. But the question is specifically about monitor stanzas, so the splunkd.log file might be the better choice. I'll have to think this through carefully.

upvoted 0 times

...

Kate

1 month ago

I think an unclaimed device might be one that hasn't been set up with a workflow, but I'm not entirely sure.

upvoted 0 times

...

Adria

1 month ago

Hmm, I'm a bit confused by the error message. I'll need to review the details of the question again.

upvoted 0 times

...

Chauncey

6 months ago

I bet the right answer is hidden in the fine print, like 'unless the breach involves a cat video with over 1 million views.'

upvoted 0 times

Crista

5 months ago

That's correct! It's important to report breaches that could impact people's rights and freedoms.

upvoted 0 times

...

Brittney

5 months ago

C) Where the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.

upvoted 0 times

...

Twanna

6 months ago

A) All personal data breaches must be reported to a supervisory authority

upvoted 0 times

...

Vincenza

6 months ago

B is way too narrow. Special category data is just one type of data that needs to be reported.

upvoted 0 times

Kristeen

5 months ago

B) Only where a disclosure is of special category data

upvoted 0 times

...

Willodean

5 months ago

C) Where the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.

upvoted 0 times

...

Rosann

6 months ago

A) All personal data breaches must be reported to a supervisory authority

upvoted 0 times

...

Kattie

7 months ago

D is just nonsense. Freedom of expression has nothing to do with reporting a data breach!

upvoted 0 times

Octavio

5 months ago

C) Where the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.

upvoted 0 times

...

Tijuana

5 months ago

B) Only where a disclosure is of special category data

upvoted 0 times

...

Carli

5 months ago

C) Where the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.

upvoted 0 times

...

Amie

6 months ago

A) All personal data breaches must be reported to a supervisory authority

upvoted 0 times

...

Nickole

7 months ago

I think A is a bit too broad. Not all breaches need to be reported, just the ones that pose a risk.

upvoted 0 times

...

Sharan

7 months ago

But what about special category data? Shouldn't those be reported too?

upvoted 0 times

...

Cordelia

7 months ago

C is the correct answer. The GDPR requires personal data breaches to be reported to the supervisory authority when they are likely to result in a risk to the rights and freedoms of individuals.

upvoted 0 times

Chi

6 months ago

That makes sense. It's important to protect people's rights and privacy.

upvoted 0 times

...

Arlette

6 months ago

C is the correct answer. The GDPR requires personal data breaches to be reported to the supervisory authority when they are likely to result in a risk to the rights and freedoms of individuals.

upvoted 0 times

...

Casandra

7 months ago

I agree with Michael, reporting a breach that poses a risk to people's rights is crucial for their protection.

upvoted 0 times

...

Michael

7 months ago

I think a personal data breach needs to be reported when it is likely to result in a risk to the rights and freedoms of natural persons.

upvoted 0 times

...