CISSP PRACTICE QUESTIONS – 20201030

Effective CISSP Questions

Which of the following is not specified in GDPR?
A. Rights of the data subject
B. General obligations of controller and processor
C. Common privacy control baseline
D. General principle for transfers of personal data to third countries


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Common privacy control baseline.

Intersoft Consulting provides an awesome website for GDPR articles.

Common Privacy Control Baseline

GDPR doesn’t mandate specific privacy controls or baselines, but it does require “appropriate safeguards” to be implemented. There are many security and privacy control frameworks available, such as ISO 27001, ISO 27701, NIST SP 800-53, PCI-DSS, etc. They provide security and privacy control baselines and implementation guidelines.

GDPR encourages “the establishment of data protection certification mechanisms and of data protection seals and marks for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors.” (Article 42)

Reference

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

Which of the following is not specified in GDPR?
A. Rights of the data subject
B. General obligations of the controller and processor
C. Common privacy control baseline
D. General principles for transfers of personal data to third countries
