A new marketing application needs to use data from the organization’s customer database.
Prior to the application using the data, which of the following should be done FIRST?
A. Ensure the data loss prevention (DLP) tool is logging activity.
B. De-identify all personal data in the database.
C. Determine what data is required by the application.
D. Renew the encryption key to include the application.
Answer: C
Explanation:
Before using data from the organization’s customer database for a new marketing application, the first step should be to determine what data is required by the application and for what purpose. This will help to ensure that the data collection and processing are relevant, necessary, and proportionate to the intended use, and that the data minimization principle is followed. Data minimization means that only the minimum amount of personal data needed to achieve a specific purpose should be collected and processed, and that any excess or irrelevant data should be deleted or anonymized [1]. This will also help to comply with the data privacy laws and regulations that apply to the organization, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), which require organizations to inform data subjects about the types and purposes of data processing, and to obtain their consent if needed [2][3].
References:
[1] ISACA, Data Privacy Audit/Assurance Program, Control Objective 2: Data Minimization, p. 6
[2] ISACA, GDPR Data Protection Impact Assessments, p. 4-5
[3] ISACA, CCPA vs. GDPR: Similarities and Differences, p. 1-2