In which scenario is a Controller most likely required to undertake a Data Protection Impact Assessment?
A. When the controller is collecting email addresses from individuals via an online registration form for marketing purposes.
B. When personal data is being collected and combined with other personal data to profile the creditworthiness of individuals.
C. When the controller is required to have a Data Protection Officer.
D. When personal data is being transferred outside of the EEA.
Answer: C
Explanation:
Reference: https://www.tandfonline.com/doi/full/10.1080/13600834.2020.1790092#:~:text=Article%2035%20of%20the%20General,and%20freedoms%20of%20natural%20persons%27.