You work in a company that providestraining services. One of the clientsrequests accessto information about thecategories of recipientsto whom theirpersonal data will be disclosed.
Whatactionsshould you take to becompliant with GDPR?
A.
Obtainauthorizationfrom the recipients before disclosing their identities.
B.
Verify the identityof the client by sendinglogin datato their mailing address.
C.
Inform the client thataccess to this type of information is not allowed, since it may result in ahigh riskto the rights and freedoms of recipients.
D.
Provide theclient with the requested informationabout the recipients of their data.
UnderArticle 15(1)(c) of GDPR, data subjects have theright to accessinformation about therecipients or categories of recipientswho have received their personal data.
Option D is correctbecauseGDPR mandates transparency regarding data sharing.
Option A is incorrectbecauseauthorization from recipients is not requiredbefore disclosing their categories.
Option B is incorrectbecauseidentity verification applies to access requests but is not a prerequisite for providing recipient information.
Option C is incorrectbecause denying access to this informationviolates the data subject’s right under GDPR.
References:
GDPR Article 15(1)(c)(Right of access to recipient categories)
Recital 63(Transparency in processing and access rights)
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit