nerdexam
Isaca

CDPSE · Question #21

Which of the following is MOST important when developing an organizational data privacy program?

The correct answer is C. Following an established privacy framework. Following an established privacy framework (e.g., NIST Privacy Framework, ISO 27701, GDPR principles) is the most important starting point because frameworks provide a comprehensive, structured, and proven foundation that accounts for all key program elements: governance, risk ma

Privacy Governance

Question

Which of the following is MOST important when developing an organizational data privacy program?

Options

  • AObtaining approval from process owners
  • BProfiling current data use
  • CFollowing an established privacy framework
  • DPerforming an inventory of all data

How the community answered

(50 responses)
  • A
    4% (2)
  • B
    2% (1)
  • C
    84% (42)
  • D
    10% (5)

Explanation

Following an established privacy framework (e.g., NIST Privacy Framework, ISO 27701, GDPR principles) is the most important starting point because frameworks provide a comprehensive, structured, and proven foundation that accounts for all key program elements: governance, risk management, controls, and compliance. Building on a recognized framework prevents critical omissions and aligns the program with regulatory expectations and industry best practices. Options A (process owner approval), B (data use profiling), and D (data inventory) are all valid and necessary activities within a privacy program, but they are components or tasks that occur within the framework - not the foundational anchor for the entire program.

Topics

#Privacy program development#Privacy frameworks#Program foundational elements#Organizational privacy

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice