Question 5
UnclassifiedWhich scenario most clearly shows why privacy governance cannot be delegated entirely to one team?
Correct answer: A
Explanation
A new ad-tech feature touches multiple privacy domains at once, so one team cannot handle it alone. Privacy governance must span product design, legal disclosures, vendor contracts, and security controls because each area creates separate compliance and risk obligations.
Why each option is right or wrong
A. A company launches a new ad-tech feature that affects product design, legal disclosures, vendor contracts, and security controls
The correct choice is the one where a single ad-tech launch triggers obligations across multiple control domains, because privacy governance is not confined to one function when processing changes affect notice, contracts, and technical safeguards at the same time. Under GDPR Articles 5(1)(a), 12–14, 25, 28, and 32, the organization must align lawful transparency, data protection by design and default, processor terms, and appropriate security measures; that requires coordinated input from product, legal, procurement, and security rather than a siloed review.
B. A receptionist orders more printer paper
C. A cafeteria changes its lunch menu
D. A contractor replaces a light bulb in a hallway