Under the GDPR purpose-limitation principle, which practice best helps an organization remain compliant when it designs an online form to collect personal data from customers?
Request every piece of information that could be useful in future projects, provided the data is stored securely.
Document and disclose, before collection, exactly which personal data will be collected and the legitimate purposes for each field.
Use a blanket consent statement that allows the organization to repurpose the data for any future processing.
Rely on the corporate privacy policy alone and omit purpose statements on the form to avoid confusing customers.
Documenting and disclosing, in advance, the exact personal data fields and the specific lawful purpose for each satisfies the GDPR requirement (Article 5(1)(b)) that personal data be "collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes." Stating the purposes on the form also meets the transparency duty of Article 13, which requires that data subjects be told the purposes of processing at the time their data is collected, and it gives auditors a record against which to verify that each field is actually needed. The other choices either encourage collecting data "just in case," rely on blanket consent for undefined future uses, or omit purpose statements altogether; each of these breaches the purpose-limitation and transparency obligations (and collecting data that has no stated purpose also violates the data-minimisation principle of Article 5(1)(c)).
ISC2 CISSP
Asset Security