Question 32
UnclassifiedWhat is the best reason to segregate highly sensitive data from lower-risk datasets where feasible?
Correct answer: A
Explanation
Segregating highly sensitive data from lower-risk datasets lets controls match the risk level, so access, retention, and monitoring can be tightened where needed. This follows the principle of using “stronger access control, retention, and monitoring choices proportionate to risk,” which reduces exposure and limits unnecessary access.
Why each option is right or wrong
A. Segregation can support stronger access control, retention, and monitoring choices proportionate to risk
Under the principle of data minimization and storage limitation in GDPR Article 5(1)(c) and (e), organizations should keep only what is needed and apply controls appropriate to the sensitivity of the data. Separating high-risk records from routine datasets allows tighter access permissions, shorter retention periods, and more intensive logging or review for the sensitive set, while avoiding over-restrictive controls on lower-risk data.
B. Segregation makes privacy law inapplicable
C. Segregation guarantees no breach will ever occur
D. Segregation is required for all data in every statute