Question 18
Domain 3 — Privacy Architecture and Data Protection by DesignWhich of the following is the BEST way to manage different IT staff access permissions for personal data within an organization?
Correct answer: D
Explanation
Role-based access control assigns permissions based on job function, so staff only receive access needed for their role. This follows the principle of least privilege, which limits exposure of personal data and makes permissions easier to manage across an organization.
Why each option is right or wrong
A. Mandatory access control
Mandatory access control uses centrally enforced labels and classifications, not typical business-role permission management.
B. Network segmentation
Network segmentation separates systems or traffic paths; it does not define user-level data permissions.
C. Dedicated access system
A dedicated access system may store or broker access, but the question asks for the permission model.
D. Role-based access control
Under GDPR Article 5(1)(c), personal data must be limited to what is necessary for the purpose, and Article 32 requires appropriate access controls to protect confidentiality. A role-based model is the standard way to operationalize this in an organization because permissions are tied to defined duties, so access can be granted and revoked consistently without giving broad, unnecessary visibility to personal data.