nerdexam
Isaca

CDPSE · Question #276

Which of the following BEST enables an organization to comply with data privacy laws?

The correct answer is C. Limiting the data that the organization maintains. Data minimization is a foundational principle embedded in virtually every major data privacy regulation, including GDPR, CCPA, and PIPEDA. The principle holds that organizations should collect, process, and retain only the personal data that is strictly necessary for a defined pu

Data Life Cycle

Question

Which of the following BEST enables an organization to comply with data privacy laws?

Options

  • AMandating frequent organization-wide privacy training
  • BCreating a matrix of data privacy regulations
  • CLimiting the data that the organization maintains
  • DImplementing strong identity and access controls

How the community answered

(42 responses)
  • B
    2% (1)
  • C
    95% (40)
  • D
    2% (1)

Explanation

Data minimization is a foundational principle embedded in virtually every major data privacy regulation, including GDPR, CCPA, and PIPEDA. The principle holds that organizations should collect, process, and retain only the personal data that is strictly necessary for a defined purpose. If the data is never collected or is deleted when no longer needed, the organization eliminates the compliance obligation for that data entirely-reducing legal exposure, breach risk, and regulatory scope all at once. Training (A) and access controls (D) are important supporting controls but do not reduce the volume of regulated data. A regulatory matrix (B) is a tool for tracking compliance, not achieving it.

Topics

#Data Minimization#Compliance Strategy#Privacy Principles

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice