CDPSE · Question #276
Which of the following BEST enables an organization to comply with data privacy laws?
The correct answer is C. Limiting the data that the organization maintains. Data minimization is a foundational principle embedded in virtually every major data privacy regulation, including GDPR, CCPA, and PIPEDA. The principle holds that organizations should collect, process, and retain only the personal data that is strictly necessary for a defined pu
Question
Which of the following BEST enables an organization to comply with data privacy laws?
Options
- AMandating frequent organization-wide privacy training
- BCreating a matrix of data privacy regulations
- CLimiting the data that the organization maintains
- DImplementing strong identity and access controls
How the community answered
(42 responses)- B2% (1)
- C95% (40)
- D2% (1)
Explanation
Data minimization is a foundational principle embedded in virtually every major data privacy regulation, including GDPR, CCPA, and PIPEDA. The principle holds that organizations should collect, process, and retain only the personal data that is strictly necessary for a defined purpose. If the data is never collected or is deleted when no longer needed, the organization eliminates the compliance obligation for that data entirely-reducing legal exposure, breach risk, and regulatory scope all at once. Training (A) and access controls (D) are important supporting controls but do not reduce the volume of regulated data. A regulatory matrix (B) is a tool for tracking compliance, not achieving it.
Topics
Community Discussion
No community discussion yet for this question.