nerdexam
Isaca

CDPSE · Question #193

How should the chief privacy officer of an international enterprise BEST balance the requirements of the enterprise's privacy standards with local regulations?

The correct answer is D. Create a local version of the organizational standards.. Creating a local version of organizational standards (D) is the best approach because it allows the enterprise to maintain its core privacy principles while incorporating jurisdiction-specific legal requirements - neither ignoring local law nor abandoning corporate standards, but

Privacy Governance

Question

How should the chief privacy officer of an international enterprise BEST balance the requirements of the enterprise's privacy standards with local regulations?

Options

  • APrioritize organizational standards over local regulations.
  • BConduct awareness training regarding conflicts between the standards and local regulations.
  • CPrioritize local regulations over organizational standards.
  • DCreate a local version of the organizational standards.

How the community answered

(15 responses)
  • A
    13% (2)
  • B
    13% (2)
  • C
    7% (1)
  • D
    67% (10)

Explanation

Creating a local version of organizational standards (D) is the best approach because it allows the enterprise to maintain its core privacy principles while incorporating jurisdiction-specific legal requirements - neither ignoring local law nor abandoning corporate standards, but harmonizing both into a compliant, workable framework.

Why the others are wrong:

  • A is wrong because organizational standards cannot override local law - violating local regulations exposes the enterprise to legal liability regardless of internal policy.
  • B is wrong because awareness training alone doesn't resolve the conflict; employees still lack a clear, compliant standard to follow.
  • C is wrong because blindly prioritizing local regulations could undermine the enterprise's global privacy baseline and create inconsistency across jurisdictions.

Memory tip: Think of it as "localize, don't compromise" - the CPO's job is to adapt the standard to fit local law, not pick a winner between the two.

Topics

#Privacy Standards#Regulatory Compliance#International Compliance#Privacy Governance

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice