Question 26
Domain 3: The Privacy Technologist’s Role in the OrganizationSupport agents currently export customer data to CSV and email the files to requesters. What is the BEST improvement?
Correct answer: B
Explanation
A role-based export workflow limits access to authorized users, and approval plus MFA adds strong access control before sensitive data is released. Temporary delivery links are safer than emailed attachments because they reduce uncontrolled forwarding and exposure of customer data.
Why each option is right or wrong
A. Allow any agent to export anything as long as they add a disclaimer
B. Use a role-based export workflow with approval, MFA, and temporary delivery links instead of manual email attachments
Under GDPR Article 5(1)(f), personal data must be processed with appropriate security, and Article 32 requires measures such as access control and the ability to ensure ongoing confidentiality and integrity. Replacing ad hoc email attachments with a role-based export process, approval gate, MFA, and expiring delivery links directly reduces unauthorized disclosure risk and gives a controlled, auditable release path for customer data.
C. Compress the CSV file into a ZIP archive and leave the rest of the process unchanged
D. Ask agents to rename the file so it looks less sensitive