An information security manager at a global organization has to ensure that the local information security program will initially ensure compliance with the:

An information security manager at a global organization has to ensure that the local information
security program will initially ensure compliance with the:

An information security manager at a global organization has to ensure that the local information
security program will initially ensure compliance with the:

A.
corporate data privacy policy.

B.
data privacy policy where data are collected.

C.
data privacy policy of the headquarters’ country.

D.
data privacy directive applicable globally.

Explanation:

As a subsidiary, the local entity will have to comply with the local law for data collected in the
country. Senior management will be accountable for this legal compliance. The policy, being
internal, cannot supersede the local law. Additionally, with local regulations differing from the
country in which the organization is headquartered, it is improbable that a group wide policy will
address all the local legal requirements. In case of data collected locally (and potentially
transferred to a country with a different data privacy regulation), the local law applies, not the law
applicable to the head office. The data privacy laws are country-specific.



Leave a Reply 0

Your email address will not be published. Required fields are marked *