CompTIA Security+ (SY0-701) — Question 179

Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

Answer options

• A. Reporting structure for the data privacy officer
• B. Request process for data subject access
• C. Role as controller or processor
• D. Physical location of the company

Correct answer: C

Explanation

The correct answer is C because understanding whether the organization acts as a data controller or processor is crucial for compliance with data protection regulations. The other options, while important, do not have the same foundational impact on the structure and obligations of a data privacy program.