Which of the following should FIRST be established before a privacy office starts to develop a data protection and privacy awareness campaign?

Which of the following should FIRST be established before a privacy office starts to develop a data protection and privacy awareness campaign?
A . Detailed documentation of data privacy processes
B . Strategic goals of the organization
C . Contract requirements for independent oversight
D . Business objectives of senior leaders

View Answer

Answer: B

Explanation:

The strategic goals of the organization should be established first before a privacy office starts to develop a data protection and privacy awareness campaign, because they provide the direction, purpose, and scope of the campaign. The strategic goals of the organization reflect its vision, mission, values, and objectives, as well as its alignment with the relevant privacy laws and regulations, stakeholder expectations, and industry best practices. The privacy office should design and implement the awareness campaign in a way that supports and promotes the strategic goals of the organization, as well as measures and evaluates its effectiveness and impact.

Reference: CDPSE Review Manual, 2023 Edition, Domain 1: Privacy Governance, Section 1.1.2: Privacy Strategy Implementation, p. 19

CDPSE Review Manual, 2023 Edition, Domain 1: Privacy Governance, Section 1.3.2: Privacy Awareness and Training Program, p. 38-39

ICO launches data awareness campaign1

Reference: https://www.isaca.org/resources/isaca-journal/issues/2020/volume-5/building-a-

privacy-culture