Under Article 30 of the GDPR, controllers are required to keep records of all of the following EXCEPT?
A . Incidents of personal data breaches, whether disclosed or not.
B . Data inventory or data mapping exercises that have been conducted.
C . Categories of recipients to whom the personal data have been disclosed.
D . Retention periods for erasure and deletion of categories of personal data.
Answer: D
Explanation:
Reference: https://medium.com/golden-data/what-records-must-controllers-and-processors-keep-to-comply-with-eu-data-protection-law-3e8bac177695