CDPSE Question #56: Real Exam Question with Answer & Explanation

Question

Which of the following is the BEST indication of an effective records management program for personal data?

Options

• AArchived data is used for future analytics.
• BThe legal department has approved the retention policy.
• CAll sensitive data has been tagged.
• DA retention schedule is in place.

Explanation

A retention schedule is a document that specifies how long different types of records or data should be kept and when they should be deleted or disposed of, based on legal, regulatory, operational or historical requirements. A retention schedule is the best indication of an effective records management program for personal data, as it reflects the principles of data minimization and storage limitation, which require limiting the collection, storage and processing of personal data to what is necessary and relevant for the intended purposes, and deleting or disposing of personal data when it is no longer needed or justified. A retention schedule also helps to reduce the privacy risks and costs associated with data storage and retention, such as data breaches, unauthorized access, misuse or loss of data. The other options are not as indicative of an effective records management program for personal data as a retention schedule. Archived data is used for future analytics may indicate that the organization is leveraging its data assets for business intelligence or research purposes, but it may not comply with the principles of data minimization and storage limitation, or the privacy rights and preferences of the data subjects. The legal department has approved the retention policy may indicate that the organization has obtained legal advice or guidance on its records management program for personal data, but it may not reflect the actual implementation or execution of the retention policy. All sensitive data has been tagged may indicate that the organization has implemented a data classification scheme for its records or data, but it may not indicate how long the records or data should be kept or when they should be deleted or disposed of.

No community discussion yet for this question.