Which option is NOT a GDPR requirement?

• A. Data can be stored indefinitely without safeguards
• B. Data must be used for a specific purpose
• C. Data must be accurate
• D. Data must be processed lawfully

Answer: (A)

GDPR is based on how personal data should be handled in terms how long it’s kept, why it’s processed, and how accurately it’s managed. The rules require that data be processed lawfully, fairly, and transparently; be used for a clearly defined purpose (purpose limitation); be accurate and kept up to date; and be stored only for as long as necessary with appropriate safeguards (storage limitation). Storing data indefinitely without safeguards goes against these principles, since it ignores both the need to limit retention and the need to protect data over time. The other statements align with GDPR: using data for a specific purpose matches purpose limitation; keeping data accurate reflects the accuracy requirement; and processing data lawfully aligns with the lawful processing requirement.