CDPSE · Question #323
Following a merger and acquisition deal, an organization wants to integrate all customers into a single customer relationship management (CRM) system. Which of the following is the IT privacy practiti
The correct answer is A. Personal data processing must adhere to the organization's privacy policy.. After a merger, all personal data processing-including migrating and consolidating customer records-must conform to the acquiring organization's current privacy policy and applicable regulations. Consent obtained by the acquired company was granted under that company's privacy po
Question
Following a merger and acquisition deal, an organization wants to integrate all customers into a single customer relationship management (CRM) system. Which of the following is the IT privacy practitioner’s MOST appropriate response?
Options
- APersonal data processing must adhere to the organization's privacy policy.
- BThe organization may proceed as customer consent has already been obtained.
- CThe existing data privacy practices should be revised to account for the new database.
- DIf the database benefits the customers, it can be done without additional consent.
How the community answered
(42 responses)- A76% (32)
- B7% (3)
- C2% (1)
- D14% (6)
Explanation
After a merger, all personal data processing-including migrating and consolidating customer records-must conform to the acquiring organization's current privacy policy and applicable regulations. Consent obtained by the acquired company was granted under that company's privacy policy, which may differ materially from the acquirer's. Processing that goes beyond what was originally consented to requires updated notice and possibly new consent. Option B is incorrect because prior consent does not automatically transfer or extend to new uses or a new legal entity. Option C frames the issue as revising practices rather than ensuring compliance with existing policy-a weaker standard. Option D is incorrect because customer benefit does not substitute for legal consent requirements under most privacy regulations.
Topics
Community Discussion
No community discussion yet for this question.