CDPSE · Question #112
Which of the following should an IT privacy practitioner review FIRST to understand where personal data is coming from and how it is used within the organization?
The correct answer is B. Data inventory. A data inventory is the foundational document that catalogues all personal data an organization holds-what data exists, where it originates, where it is stored, who owns it, and how it is used. Reviewing it first (B) gives the practitioner the broadest, most complete starting poi
Question
Which of the following should an IT privacy practitioner review FIRST to understand where personal data is coming from and how it is used within the organization?
Options
- AData process flow diagrams
- BData inventory
- CData classification
- DData collection standards
How the community answered
(40 responses)- A5% (2)
- B93% (37)
- D3% (1)
Explanation
A data inventory is the foundational document that catalogues all personal data an organization holds-what data exists, where it originates, where it is stored, who owns it, and how it is used. Reviewing it first (B) gives the practitioner the broadest, most complete starting point. Data process flow diagrams (A) show movement of data but are derived from and require knowledge of the inventory. Data classification (C) categorizes data that has already been inventoried. Data collection standards (D) are policies that govern how data should be collected, not a record of what is actually being collected.
Topics
Community Discussion
No community discussion yet for this question.