Certified Data Privacy Solutions Engineer (CDPSE) — Question 150

An organization has confirmed a breach of personal data. Which of the following actions should be done NEXT?

Answer options

• A. Inform regulators of breach details.
• B. Review the nature of the breach to determine impacted individuals.
• C. Notify all data subjects of the breach as necessary.
• D. Implement remediation actions to prevent reoccurrence.

Correct answer: B

Explanation

The next logical step is to review the nature of the breach to identify which individuals are affected, making option B the correct choice. Informing regulators and notifying data subjects are important but should follow once the scope of the breach is understood. Implementing remediation actions is necessary, but it is essential to first assess the impact of the breach.