CDPSE · Question #26
Which of the following is the PRIMARY reason that organizations need to map the data flows of personal data?
The correct answer is A. To assess privacy risks. Data flow mapping traces where personal data originates, how it moves through systems, who accesses it, and where it is stored or transferred. The primary purpose is to surface privacy risks - data flows may cross jurisdictions, involve third-party processors, or lack adequate co
Question
Which of the following is the PRIMARY reason that organizations need to map the data flows of personal data?
Options
- ATo assess privacy risks
- BTo evaluate effectiveness of data controls
- CTo determine data integration gaps
- DTo comply with regulations
How the community answered
(41 responses)- A93% (38)
- B2% (1)
- D5% (2)
Explanation
Data flow mapping traces where personal data originates, how it moves through systems, who accesses it, and where it is stored or transferred. The primary purpose is to surface privacy risks - data flows may cross jurisdictions, involve third-party processors, or lack adequate controls, all of which represent risk. While data flow maps also support compliance documentation, evaluation of controls, and identification of integration gaps, those are secondary outcomes. Risk assessment is the foundational reason: you cannot protect data or comply with privacy obligations if you do not know where the data is and how it moves.
Topics
Community Discussion
No community discussion yet for this question.