Question 27
Domain 3: Assessing Personal Data and Processing ActivitiesDuring a privacy assessment of a new processing activity, which set of elements should be evaluated to align with the required processing-element review?
Correct answer: B
Explanation
A processing-element review focuses on how data is used, the legal basis for processing, how it is shared, how long it is retained, and what safeguards protect it. — Evaluate processing elements: Evaluate data uses, legal bases, sharing arrangements, retention and safeguards.
Why each option is right or wrong
A. Data categories, marketing channels, vendor budgets, retention, and staffing levels
Required review elements include legal bases, sharing arrangements, and safeguards, not budgets or staffing levels.
B. Data uses, legal bases, sharing arrangements, retention, and safeguards
The processing-element review in the source material specifically identifies five items to evaluate: data uses, legal bases, sharing arrangements, retention, and safeguards. This option matches that list exactly.
C. Consent records, data quality metrics, system uptime, retention, and encryption keys
The required list names data uses, legal bases, sharing arrangements, retention, and safeguards; uptime and data quality metrics are not listed.
D. Collection notices, data subjects, transfer pricing, access logs, and safeguards
The required review includes data uses, legal bases, sharing arrangements, and retention; transfer pricing and data subjects are not part of the listed set.