Certified Data Privacy Solutions Engineer (CDPSE) — Question 163

Following a merger and acquisition deal, an organization wants to integrate all customers into a single customer relationship management (CRM) system. Which of the following is the IT privacy practitioner’s MOST appropriate response?

Answer options

• A. Personal data processing must adhere to the organization's privacy policy.
• B. The organization may proceed as customer consent has already been obtained.
• C. The existing data privacy practices should be revised to account for the new database.
• D. If the database benefits the customers, it can be done without additional consent.

Correct answer: A

Explanation

The correct answer, A, emphasizes that personal data processing must comply with the organization's privacy policy, which is crucial for maintaining compliance and protecting customer data. Option B is incorrect because prior consent does not automatically apply to new integrations. Option C, while relevant, does not directly address the immediate need for compliance with the existing privacy policy. Option D is misleading as it implies that customer benefit overrides the need for consent, which is not aligned with privacy regulations.