CDPSE Question #9: Real Exam Question with Answer & Explanation

Question

A new marketing application needs to use data from the organization's customer database. Prior to the application using the data, which of the following should be done FIRST?

Options

• AEnsure the data loss prevention (DLP) tool is logging activity.
• BDe-identify all personal data in the database.
• CDetermine what data is required by the application.
• DRenew the encryption key to include the application.

Explanation

Before using data from the organization's customer database for a new marketing application, the first step should be to determine what data is required by the application and for what purpose. This will help to ensure that the data collection and processing are relevant, necessary, and proportionate to the intended use, and that the data minimization principle is followed. Data minimization means that only the minimum amount of personal data needed to achieve a specific purpose should be collected and processed, and that any excess or irrelevant data should be deleted or anonymized. This will also help to comply with the data privacy laws and regulations that apply to the organization, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), which require organizations to inform data subjects about the types and purposes of data processing, and to obtain their consent if needed.

No community discussion yet for this question.