Certified in Risk and Information Systems Control (CRISC) — Question 1385

Which of the following practices MOST effectively safeguards the processing of personal data?

Answer options

• A. Personal data attributed to a specific data subject is tokenized.
• B. Data protection impact assessments are performed on a regular basis.
• C. Personal data certifications are performed to prevent excessive data collection.
• D. Data retention guidelines are documented, established, and enforced.

Correct answer: B

Explanation

Option B is correct because regular data protection impact assessments help identify and mitigate potential risks associated with personal data processing. The other options, while important, do not provide the same level of ongoing evaluation and improvement of data protection practices as regular assessments do.