CompTIA Security+ (SY0-601) — Question 258

An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it?

Answer options

• A. Data custodian
• B. Data controller
• C. Data protection officer
• D. Data processor

Correct answer: B

Explanation

The correct answer is B, as the data controller is the entity that determines the purposes and means of processing personal data. The data custodian (A) is primarily responsible for the management and protection of data, while the data protection officer (C) ensures compliance with data protection laws, and the data processor (D) processes data on behalf of the data controller.