CDPSE · Question #21
Which of the following is MOST important when developing an organizational data privacy program?
The correct answer is C. Following an established privacy framework. Following an established privacy framework (e.g., NIST Privacy Framework, ISO 27701, GDPR principles) is the most important starting point because frameworks provide a comprehensive, structured, and proven foundation that accounts for all key program elements: governance, risk ma
Question
Which of the following is MOST important when developing an organizational data privacy program?
Options
- AObtaining approval from process owners
- BProfiling current data use
- CFollowing an established privacy framework
- DPerforming an inventory of all data
How the community answered
(50 responses)- A4% (2)
- B2% (1)
- C84% (42)
- D10% (5)
Explanation
Following an established privacy framework (e.g., NIST Privacy Framework, ISO 27701, GDPR principles) is the most important starting point because frameworks provide a comprehensive, structured, and proven foundation that accounts for all key program elements: governance, risk management, controls, and compliance. Building on a recognized framework prevents critical omissions and aligns the program with regulatory expectations and industry best practices. Options A (process owner approval), B (data use profiling), and D (data inventory) are all valid and necessary activities within a privacy program, but they are components or tasks that occur within the framework - not the foundational anchor for the entire program.
Topics
Community Discussion
No community discussion yet for this question.