Question 32
Domain 3: Assessing Personal Data and Processing ActivitiesA privacy team has completed scoping of several processing activities and must decide where to focus limited review and remediation resources first. Based on the source material, what should the team use to prioritize reviews, controls, and remediation?
Correct answer: B
Explanation
Scoping results are used to determine the order and focus of reviews, controls, and remediation efforts. Prioritization should follow the outcomes of scoping rather than unrelated operational factors. — Use scoping results to prioritize reviews, controls and remediation.
Why each option is right or wrong
A. Use the age of each processing activity to decide the order of review and remediation.
Prioritization is based on scoping results, not how long an activity has existed.
B. Use the scoping results to determine priorities for reviews, controls, and remediation.
The source states that scoping results should be used to prioritize reviews, controls, and remediation. In this scenario, the team has already completed scoping, so those results are the direct basis for deciding where limited resources should be applied first.
C. Use the number of business units involved to set priorities for reviews and controls.
The stated prioritization basis is scoping results, not organizational breadth alone.
D. Use the implementation date of planned controls to determine remediation priority.
Reviews, controls, and remediation are prioritized from scoping results, not control scheduling.