15d β’ πββοΈ CISSP
CISSP Practice Question (Domain 1: Security and Risk Management)
Your organization acquires a competitor and inherits their customer database containing PII subject to GDPR. The integration team wants to merge both databases immediately to eliminate duplicate customer records. The acquired company's privacy notices did not disclose data sharing with third parties. What should you do FIRST?
A. Obtain updated consent from the acquired company's customers before merging
B. Conduct a data protection impact assessment on the proposed database merge
C. Proceed with the merge using the acquiring company's existing privacy framework
D. Engage the DPO to determine whether a lawful basis for processing exists under the new entity
Come back for the answer tomorrow, or study more now!
1
20 comments
CISSP Practice Question (Domain 1: Security and Risk Management)
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+33
2
+30
3
+28
4
+25
5
+24
Powered by