nerdexam
Isaca

CDPSE · Question #18

Which key stakeholder within an organization should be responsible for approving the outcomes of a privacy impact assessment (PIA)?

The correct answer is D. Data owner. The Data Owner is the business entity or senior individual with ultimate accountability and decision-making authority over a specific data asset - including how it is used, shared, and protected. They are the appropriate stakeholder to approve PIA outcomes because they bear accou

Privacy Governance

Question

Which key stakeholder within an organization should be responsible for approving the outcomes of a privacy impact assessment (PIA)?

Options

  • AData custodian
  • BPrivacy data analyst
  • CData processor
  • DData owner

How the community answered

(58 responses)
  • A
    2% (1)
  • B
    2% (1)
  • C
    5% (3)
  • D
    91% (53)

Explanation

The Data Owner is the business entity or senior individual with ultimate accountability and decision-making authority over a specific data asset - including how it is used, shared, and protected. They are the appropriate stakeholder to approve PIA outcomes because they bear accountability for the risks identified and must authorize any accepted risks or remediation actions. A data custodian (A) manages and maintains data on behalf of the owner but lacks approval authority. A privacy data analyst (B) supports the PIA process analytically but does not have accountability authority. A data processor (C) processes data on behalf of a controller and has no ownership or approval role in the PIA.

Topics

#Privacy Impact Assessment (PIA)#Data owner#Stakeholder roles#Privacy governance

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice