Which of the following is not specified in GDPR?
A. Rights of the data subject
B. General obligations of controller and processor
C. Common privacy control baseline
D. General principle for transfers of personal data to third countries
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Common privacy control baseline.
Intersoft Consulting provides an awesome website for GDPR articles.
- Rights of the data subject (Chapter 3)
- General obligations of controller and processor (Section 1, Chapter 4)
- General principle for transfers of personal data to third countries (Article 44, Chapter 5)
Common Privacy Control Baseline
GDPR doesn’t mandate specific privacy controls or a control baseline, but it does require “appropriate safeguards” to be implemented. Many security and privacy control frameworks are available for that purpose, such as ISO 27001, ISO 27701, NIST SP 800-53, and PCI DSS; they provide security and privacy control baselines together with implementation guidance.
GDPR encourages “the establishment of data protection certification mechanisms and of data protection seals and marks for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors.” (Article 42)
- General Data Protection Regulation (GDPR)
- A Very Brief Introduction to the GDPR Recitals
- Use These Frameworks to Establish GDPR Security Controls
- Download The Secure Controls Framework (SCF)