Certified Information Privacy Manager (CIPM) — Question 73

Which of the following actions is NOT required during a data privacy diligence process for Merger & Acquisition (M&A) deals?

Answer options

• A. Revise inventory of applications that house personal data and data mapping.
• B. Update business processes to handle Data Subject Requests (DSRs).
• C. Compare the original use of personal data to post-merger use.
• D. Perform a privacy readiness assessment before the deal.

Correct answer: B

Explanation

Updating business processes to manage Data Subject Requests (DSRs) is not a mandatory step during the data privacy diligence for M&A deals, making it the correct answer. In contrast, revising the inventory of applications, comparing personal data usage, and conducting a privacy readiness assessment are essential actions to ensure compliance and mitigate risks during a merger or acquisition.