A multinational corporation is expanding its operations into a new country with strict data protection laws. The company needs to ensure compliance while maintaining operational efficiency. Which of the following is the BEST approach to manage this risk?
- A
Accept the risk of non-compliance as a cost of doing business and set aside a contingency fund for fines.
Why wrong: Unacceptable - willful non-compliance can lead to severe penalties and reputational damage.
- B
Assign legal counsel to review local laws and implement a one-time compliance checklist.
Why wrong: Inadequate - continuous monitoring and technical controls are needed.
- C
Create a uniform global privacy policy that satisfies all jurisdictions with minimal adjustments.
Why wrong: Impractical - local laws vary significantly; a uniform policy may violate some.
- D
Adopt a privacy-by-design framework and conduct a Data Protection Impact Assessment (DPIA) before launching operations.
Correct - Privacy-by-design and DPIA ensure compliance is built into processes.