CDPSE Exam Dumps : Certified Data Privacy Solutions Engineer

The best approach for handling personal data that has been restricted is to flag users’ email addresses to make sure they do not receive promotional information, because this will respect the users’ preferences and rights to opt out of marketing communications. This will also help the company comply with the data protection laws and regulations that require consent and transparency for sending marketing emails, such as the General Data Protection Regulation (GDPR) and the CAN-SPAM Act12. The other options are not appropriate or sufficient for handling restricted data, because they may violate the users’ rights, expectations, or agreements, or cause operational issues for the company.

An audit log is a record of the activities and events that occur in an information system, such as an application hosting personal data. An audit log can help to monitor, detect, investigate and prevent unauthorized or malicious access, use, modification or deletion of personal data. An audit log can also help to demonstrate compliance with data protection laws and regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). An audit log should capture the following information for each event: 9

The date and time of the event

The identity of the user or system that performed the event

The type and description of the event

The outcome or result of the event

The personal data that were accessed, used, modified or deleted

The last user who accessed personal data is the most important information to capture in the audit log, as it can help to identify who is responsible for any data breach or misuse of personal data. It can also help to verify that only authorized and legitimate users have access to personal data, and that they follow the data use policy and the principle of least privilege. The last user who accessed personal data can also help to support data subjects’ rights, such as the right to access, rectify, erase or restrict their personal data.

The other options are less important or irrelevant to capture in the audit log of an application hosting personal data. Server details of the hosting environment are not related to personal data, and they can be obtained from other sources, such as network logs or configuration files. Last logins of privileged users are important to capture in a separate audit log for user account management, but they do not indicate what personal data were accessed or used by those users. Application error events are important to capture in a separate audit log for system performance and reliability, but they do not indicate what personal data were affected by those errors.

Privacy by design is an approach that embeds privacy principles and considerations into the design and development of products, services, systems, and processes that involve personal data. Privacy by design aims to protect the privacy and security of the data subjects, as well as to comply with the applicable privacy laws and regulations. One of the key principles of privacy by design is to obtain the consent and choice of the data subjects regarding the collection, use, and disclosure of their personal data. Therefore, the best example of privacy by design in the development of a consumer mobile application is to require consent before sharing locations, as this gives the data subjects control and transparency over their personal data. The other options are not as effective or sufficient as requiring consent before sharing locations, as they do not address the principle of consent and choice, or they may violate other privacy principles or requirements.