nerdexam
Isaca

CDPSE · Question #79

A migration of personal data involving a data source with outdated documentation has been approved by senior management. Which of the following should be done NEXT?

The correct answer is B. Ensure appropriate data classification.. When documentation is outdated, the organization may not know exactly what personal data exists or how sensitive it is. Data classification must be performed next to identify and categorize the data before migration begins. This determines what privacy and security controls are r

Data Life Cycle

Question

A migration of personal data involving a data source with outdated documentation has been approved by senior management. Which of the following should be done NEXT?

Options

  • AReview data flow post migration.
  • BEnsure appropriate data classification.
  • CEngage an external auditor to review the source data.
  • DCheck the documentation version history for anomalies.

How the community answered

(56 responses)
  • A
    9% (5)
  • B
    82% (46)
  • C
    4% (2)
  • D
    5% (3)

Explanation

When documentation is outdated, the organization may not know exactly what personal data exists or how sensitive it is. Data classification must be performed next to identify and categorize the data before migration begins. This determines what privacy and security controls are required during and after the migration. Reviewing data flow post-migration (A) is a post-migration activity. Engaging an external auditor (C) may be warranted but is not the immediate next step. Checking documentation version history for anomalies (D) may provide some context but does not address the fundamental need to understand the actual current state of the data before moving it.

Topics

#Data classification#Data migration#Privacy risk management#Data lifecycle management

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice