Which of the following is the BEST way to protect personal data in the custody of a third party?

1. A. Have corporate counsel monitor privacy compliance.
2. B. Require the third party to provide periodic documentation of its privacy management program.
3. C. Include requirements to comply with the organization’s privacy policies in the contract.
4. D. Add privacy-related controls to the vendor audit plan.

Correct Answer: C
In GDPR parlance, organizations that use third-party service providers are often, but not always, considered data controllers, which are entities that determine the purposes and means of the processing of personal data, which can include directing third parties to process personal data on their behalf. The third parties that process data for data controllers are known as data processors.

Which of the following deployed at an enterprise level will MOST effectively block malicious tracking of user Internet browsing?

1. A. Web application firewall (WAF)
2. B. Website URL blacklisting
3. C. Domain name system (DNS) sinkhole
4. D. Desktop antivirus software

Correct Answer: A

During which of the following system lifecycle stages is it BEST to conduct a privacy impact assessment (PIA) on a system that holds personal data?

1. A. Functional testing
2. B. Development
3. C. Production
4. D. User acceptance testing (UAT)

Correct Answer: A

Which of the following is the BEST approach to minimize privacy risk when collecting personal data?

1. A. Use a third party to collect, store, and process the data.
2. B. Collect data through a secure organizational web server.
3. C. Collect only the data necessary to meet objectives.
4. D. Aggregate the data immediately upon collection.

Correct Answer: C

Which of the following should be the FIRST consideration when selecting a data sanitization method?

1. A. Risk tolerance
2. B. Implementation cost
3. C. Industry standards
4. D. Storage type

Correct Answer: D