CDPSE · Question #203
To ensure effective management of an organization's data privacy policy, senior leadership MUST define:
The correct answer is B. roles and responsibilities of the person with oversights.. Senior leadership must define roles and responsibilities of the person with oversight (B) because governance starts at the top - without clearly assigned accountability, a data privacy policy lacks authority and enforcement. Option A (training requirements) is an operational acti
Question
To ensure effective management of an organization's data privacy policy, senior leadership MUST define:
Options
- Atraining and testing requirements for employees handling personal data.
- Broles and responsibilities of the person with oversights.
- Cmetrics and outcomes recommended by external agencies.
- Dthe scope and responsibilities of the data owner.
How the community answered
(59 responses)- A2% (1)
- B80% (47)
- C14% (8)
- D5% (3)
Explanation
Senior leadership must define roles and responsibilities of the person with oversight (B) because governance starts at the top - without clearly assigned accountability, a data privacy policy lacks authority and enforcement. Option A (training requirements) is an operational activity typically delegated to HR or compliance teams, not a leadership-level policy definition. Option C (metrics from external agencies) confuses advisory guidance with the internal governance mandate that leadership owns. Option D (data owner scope) is a subset of the broader accountability framework - while important, it's a downstream artifact of first establishing oversight roles at the senior level.
Memory tip: Think "Who's in charge?" - before any policy can be managed, leadership must answer that question first. Oversight roles = the foundation; everything else (training, metrics, data ownership) flows from it.
Topics
Community Discussion
No community discussion yet for this question.