Question 11
Domain 2 — Personal Data Lifecycle Management
Which of the following is MOST important to establish within a data storage policy to protect data privacy?
Correct answer: D
Explanation
Collection limitation is most important because privacy laws and data minimization principles require organizations to gather only data needed for a specific purpose. Limiting collection reduces the amount of personal information stored, which lowers the risk of unauthorized access, misuse, and unnecessary retention.
Why each option is right or wrong
A. Data redaction
Redaction masks sensitive content after data is collected; it does not minimize initial collection.
B. Data quality assurance (QA)
Data quality assurance improves accuracy and consistency, not the amount of personal data gathered.
C. Irreversible disposal
Irreversible disposal addresses end-of-life deletion, not limiting what is collected upfront.
D. Collection limitation
Under the GDPR, the data minimization principle in Article 5(1)(c) requires personal data to be "adequate, relevant and limited to what is necessary" for the purpose for which it is processed, and Article 5(1)(b) requires collection only for specified, explicit, and legitimate purposes. A storage policy that sets collection limits directly reduces the volume of personal data held, which is the first control point for privacy risk; by contrast, retention or access controls act only after data has already been collected.