Certified in the Governance of Enterprise IT (CGEIT) — Question 71
A data governance strategy has been defined by the IT strategy committee which includes privacy objectives related to access controls, authorized use, and data collection. Which of the following should the committee do NEXT?
Answer options
- A. Mandate the creation of a data privacy policy.
- B. Establish a data privacy budget.
- C. Perform a data privacy impact assessment.
- D. Mandate data privacy training for employees.
Correct answer: A
Explanation
The next logical step for the committee is to mandate the creation of a data privacy policy, as this provides a formal framework to ensure compliance with the defined privacy objectives. Establishing a budget, conducting an impact assessment, or mandating training are important but would follow the establishment of a clear policy that outlines how privacy will be managed.