nerdexam
Isaca

CDPSE · Question #26

Which of the following is the PRIMARY reason that organizations need to map the data flows of personal data?

The correct answer is A. To assess privacy risks. Data flow mapping traces where personal data originates, how it moves through systems, who accesses it, and where it is stored or transferred. The primary purpose is to surface privacy risks - data flows may cross jurisdictions, involve third-party processors, or lack adequate co

Data Life Cycle

Question

Which of the following is the PRIMARY reason that organizations need to map the data flows of personal data?

Options

  • ATo assess privacy risks
  • BTo evaluate effectiveness of data controls
  • CTo determine data integration gaps
  • DTo comply with regulations

How the community answered

(41 responses)
  • A
    93% (38)
  • B
    2% (1)
  • D
    5% (2)

Explanation

Data flow mapping traces where personal data originates, how it moves through systems, who accesses it, and where it is stored or transferred. The primary purpose is to surface privacy risks - data flows may cross jurisdictions, involve third-party processors, or lack adequate controls, all of which represent risk. While data flow maps also support compliance documentation, evaluation of controls, and identification of integration gaps, those are secondary outcomes. Risk assessment is the foundational reason: you cannot protect data or comply with privacy obligations if you do not know where the data is and how it moves.

Topics

#Data mapping#Privacy risk#Personal data flow#Privacy program

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice