PECB Exam GDPR Topic 1 Question 4 Discussion

Actual exam question for PECB's GDPR exam

Question #: 4
Topic #: 1

[All GDPR Questions]

An organization suffered a personal data breach. The attackers gained access to their database through a user account that had unlimited access to dat

a. What should the DPO advise the organization to do in order to prevent the recurrence of similar scenarios?

AReview if the access control system allows the creation, approval, review, and deletion of user accounts

BUse cloud computing services to mitigate the risk of personal data breaches

CCreate and use shared accounts for several users in order to minimize the number of user accounts

Show Suggested Answer

Suggested Answer: A

GDPR Article 32(1)(b) emphasizes implementing access controls to ensure data security. Reviewing and restricting account permissions using the principle of least privilege (PoLP) helps prevent unauthorized access. Shared accounts (option C) increase security risks, and using cloud computing (option B) does not directly address access control vulnerabilities.

by Chara at Mar 24, 2025, 12:15 PM

Limited Time Offer

25%

14 days ago

A seems like the obvious choice here. Reviewing the access control system is key to preventing similar breaches.

upvoted 0 times

...