Certified Data Privacy Solutions Engineer (CDPSE) — Question 35

A project manager for a new data collection system had a privacy impact assessment (PIA) completed before the solution was designed. Once the system was released into production, an audit revealed personal data was being collected that was not part of the PIA. What is the BEST way to avoid this situation in the future?

Answer options

• A. Conduct a privacy post-implementation review.
• B. Document personal data workflows in the product life cycle.
• C. Incorporate privacy checkpoints into the secure development life cycle.
• D. Require management approval of changes to system architecture design.

Correct answer: D

Explanation

The best way to prevent this issue in the future is to require management approval of changes to system architecture design, ensuring that any modifications are reviewed for compliance with the PIA. The other options, while helpful, do not provide the same level of oversight and control over changes that could impact privacy compliance.