Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

IAPP Exam CIPM Topic 7 Question 58 Discussion

Actual exam question for IAPP's CIPM exam
Question #: 58
Topic #: 7
[All CIPM Questions]

Your company provides a SaaS tool for B2B services and does not interact with individual consumers. A client's current employee reaches out with a right to delete request. what is the most appropriate response?

Show Suggested Answer Hide Answer
Suggested Answer: B

If your organization provides a SaaS tool for B2B services and does not interact with individual consumers, and a client's current employee reaches out with a right to delete request, the most appropriate response is to redirect the individual back to their employer to understand their rights and how this might impact access to company tools. This is because your organization is acting as a processor for the client, who is the controller of the employee's personal dat

a. The controller is responsible for determining the purposes and means of processing personal data, as well as responding to data subject requests. The processor should only process personal data on behalf of and in accordance with the instructions of the controller.Therefore, you should not forward the request to the client, process the request without consulting the client, or deny the request based on business contact information being exempt from privacy rights laws1,2.Reference:CIPM - International Association of Privacy Professionals,Free CIPM Study Guide - International Association of Privacy Professionals


Contribute your Thoughts:

Vilma
6 months ago
I think in that case we should follow option D and explain our position regarding privacy rights.
upvoted 0 times
...
Jade
7 months ago
But what if the client's contact doesn't respond? Should we just delete the data?
upvoted 0 times
...
Nadine
7 months ago
I agree with Pansy. The client should have the final say on this matter.
upvoted 0 times
...
Pansy
7 months ago
I think we should forward the request to the client's contact. It's their data after all.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77