nerdexam
Isaca

CDPSE · Question #227

Which of the following is MOST important to ensure when developing a business case for the procurement of a new IT system that will process and store personal information?

The correct answer is D. Data protection requirements are included.. A business case for a system handling personal information must include data protection requirements because these establish the legal and regulatory obligations the system must fulfill (e.g., data subject rights, retention limits, consent mechanisms, breach notification). If the

Privacy Governance

Question

Which of the following is MOST important to ensure when developing a business case for the procurement of a new IT system that will process and store personal information?

Options

  • AThe system architecture is clearly defined.
  • BA risk assessment has been completed.
  • CSecurity controls are clearly defined.
  • DData protection requirements are included.

How the community answered

(51 responses)
  • A
    12% (6)
  • B
    2% (1)
  • C
    4% (2)
  • D
    82% (42)

Explanation

A business case for a system handling personal information must include data protection requirements because these establish the legal and regulatory obligations the system must fulfill (e.g., data subject rights, retention limits, consent mechanisms, breach notification). If these requirements are absent from the business case, the resulting procurement may produce a non-compliant system, exposing the organization to regulatory penalties, litigation, and reputational harm. System architecture, risk assessments, and security controls are all important but are downstream activities that should be shaped by the data protection requirements identified upfront.

Topics

#Business Case#Data Protection Requirements#Privacy by Design#System Procurement

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice