Certified Data Privacy Solutions Engineer (CDPSE) — Question 197
Which of the following should be done FIRST to address privacy risk when migrating customer relationship management (CRM) data to a new system?
Answer options
- A. Develop a data migration plan.
- B. Conduct a legitimate interest analysis (LIA).
- C. Perform a privacy impact assessment (PIA).
- D. Obtain consent from data subjects.
Correct answer: C
Explanation
Performing a privacy impact assessment (PIA) is crucial as it identifies potential privacy risks associated with the data migration before any other actions are taken. Developing a data migration plan or obtaining consent are important steps, but they should follow the initial assessment of privacy impacts to ensure compliance and address risks appropriately. Conducting a legitimate interest analysis (LIA) is not the first step in this context.