Certified Data Privacy Solutions Engineer (CDPSE) — Question 100

Which of the following is the BEST way to protect personal data in the custody of a third party?

Answer options

• A. Have corporate counsel monitor privacy compliance.
• B. Require the third party to provide periodic documentation of its privacy management program.
• C. Include requirements to comply with the organization’s privacy policies in the contract.
• D. Add privacy-related controls to the vendor audit plan.

Correct answer: C

Explanation

The correct answer, C, ensures that the third party is contractually obligated to adhere to the organization's privacy policies, providing a clear legal framework for data protection. Options A and B, while helpful, do not guarantee compliance as effectively as a contractual requirement. Option D enhances oversight but does not directly enforce compliance with the organization's privacy policies.