Question 28
Domain 2: Privacy Risk Management

A privacy office scores systems only on whether a control exists. Engineering wants the model to reflect what could happen to people if the control fails. Which added factor most improves the model?
Correct answer: C
Explanation
A model that only checks whether a control exists measures presence, not impact. Adding "severity of potential harm to individuals" aligns the score with privacy risk, because privacy assessments focus on the consequences to people if a control fails.
Why each option is right or wrong
A. Vendor annual revenue
B. Sprint velocity
C. Severity of potential harm to individuals
The scoring model is incomplete if it only records the existence of a safeguard, because privacy risk assessments are meant to evaluate the consequences to data subjects when a safeguard fails. Under GDPR Article 35(7)(c), a DPIA must assess the risks to the rights and freedoms of natural persons, and Recital 75 specifically points to harms such as discrimination, identity theft, financial loss, reputational damage, and loss of confidentiality. Adding the severity of potential harm to individuals therefore makes the model measure impact, not just control presence.
D. Number of open product features