Which of the following features should be incorporated into an organization’s technology stack to meet privacy requirements related to the rights of data subjects to control their personal data?

Which of the following features should be incorporated into an organization’s technology stack to meet privacy requirements related to the rights of data subjects to control their personal data?
A . Providing system engineers the ability to search and retrieve data
B . Allowing individuals to have direct access to their data
C . Allowing system administrators to manage data access
D . Establishing a data privacy customer service bot for individuals

View Answer

Answer: B

Explanation:

Any organization collecting information about EU residents is required to operate with transparency in collecting and using their personal information. Chapter III of the GDPR defines eight data subject rights that have become foundational for other privacy regulations around the world: Right to access personal data. Data subjects can access the data collected on them.

One of the privacy requirements related to the rights of data subjects is the right to access, which means that individuals have the right to obtain a copy of their personal data, as well as information about how their data is processed, by whom, for what purposes, and for how long. To meet this requirement, an organization’s technology stack should incorporate features that allow individuals to have direct access to their data, such as self-service portals, dashboards, or applications. This way, individuals can exercise their right to access without relying on intermediaries or manual processes, which can be inefficient, error-prone, or insecure.

Reference: CDPSE Review Manual (Digital Version), page 137