CISA Certified Information Systems Auditor – Question 2596

An organization has software that is not compliant with data protection requirements. To help ensure that appropriate and relevant data protection controls are implemented in the future, the auditor’s BEST course of action would be to:

A. conduct a privacy impact assessment to identify gaps in the organization’s privacy.
B. recommend that privacy checks are included within the solution development life cycle.
C. recommend an executive be appointed to oversee privacy program improvements.
D. map the organization’s business processes to identify personally identifiable information (PII).

Correct Answer: A