Certified Data Privacy Solutions Engineer (CDPSE) — Question 122

Which of the following should be reviewed FIRST as part of an audit of controls implemented to mitigate data privacy risk?

Answer options

• A. Privacy impact assessment (PIA)
• B. Security impact assessment
• C. Privacy policies and procedures
• D. Privacy risk and control framework

Correct answer: A

Explanation

The Privacy Impact Assessment (PIA) is crucial because it evaluates how personal data is handled and identifies potential privacy risks. It serves as a foundational document that can guide the review of other controls. In contrast, the other options, while important, are secondary to the insights gained from the PIA.