Certified Data Privacy Solutions Engineer (CDPSE) — Question 114

Which of the following is a PRIMARY objective of performing a privacy impact assessment (PIA) prior to onboarding a new Software as a Service (SaaS) provider for a customer relationship management (CRM) system?

Answer options

• A. To identify controls to mitigate data privacy risks
• B. To classify personal data according to the data classification scheme
• C. To assess the risk associated with personal data usage
• D. To determine the service provider’s ability to maintain data protection controls

Correct answer: C

Explanation

The primary goal of a privacy impact assessment (PIA) is to evaluate the risks linked to the utilization of personal data, making option C the correct choice. While options A, B, and D are important aspects of data management, they do not specifically address the core objective of assessing risk, which is crucial during the onboarding process.