nerdexam
Isaca

CDPSE · Question #191

Which of the following features should be incorporated into an organization's technology stack to meet privacy requirements related to the rights of data subjects to control their personal data?

The correct answer is B. Allowing individuals to have direct access to their data. Option B is correct because privacy frameworks like GDPR explicitly grant data subjects rights over their own personal data - including the right to access, correct, and delete it. Incorporating direct individual access into the technology stack (e.g., a self-service portal) is t

Privacy Architecture

Question

Which of the following features should be incorporated into an organization's technology stack to meet privacy requirements related to the rights of data subjects to control their personal data?

Options

  • AProviding system engineers the ability to search and retrieve data
  • BAllowing individuals to have direct access to their data
  • CAllowing system administrators to manage data access
  • DEstablishing a data privacy customer service bot for individuals

How the community answered

(48 responses)
  • A
    2% (1)
  • B
    79% (38)
  • C
    13% (6)
  • D
    6% (3)

Explanation

Option B is correct because privacy frameworks like GDPR explicitly grant data subjects rights over their own personal data - including the right to access, correct, and delete it. Incorporating direct individual access into the technology stack (e.g., a self-service portal) is the mechanism that fulfills these legal rights.

Why the distractors fail:

  • A - Engineer search/retrieval capabilities serve operational needs, not the data subject's right to control their own data; this is an internal tool, not a subject-facing one.
  • C - Admin-managed access control governs who can access data, but it doesn't give individuals autonomy over their own records - it keeps control with the organization.
  • D - A customer service bot may help answer questions, but answering questions is not the same as granting individuals actual control (access, correction, deletion) over their data.

Memory tip: Think of it as "rights belong to the subject, not the system." The correct feature always puts the individual in the driver's seat - anything that routes control through an admin, engineer, or bot intermediary moves control away from the subject.

Topics

#Data Subject Rights#Right to Access#Individual Data Control#Privacy by Design

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice