
Memberships

CISSP Study Group

2k members • Free

4 contributions to CISSP Study Group
CISSP Practice Question (Domain 1: Security and Risk Management)
Your organization acquires a competitor and inherits their customer database containing PII subject to GDPR. The integration team wants to merge both databases immediately to eliminate duplicate customer records. The acquired company's privacy notices did not disclose data sharing with third parties. What should you do FIRST?

A. Obtain updated consent from the acquired company's customers before merging
B. Conduct a data protection impact assessment on the proposed database merge
C. Proceed with the merge using the acquiring company's existing privacy framework
D. Engage the DPO to determine whether a lawful basis for processing exists under the new entity

Come back for the answer tomorrow, or study more now!
0 likes • 7h
D
CISSP Question (like real)
A global financial organization spread over multiple countries is facing a sophisticated attack. During a potential ransomware attack that is slowly encrypting critical data at its central server, the COO has informed the CISO for guidance. Which of the following is the MOST critical role in the disaster declaration process?

Options:
- Chief Information Security Officer (CISO)
- Chief Operations Officer (COO)
- Chief Executive Officer (CEO)
- Chief Risk Officer (CRO)

0 likes • 20h
CISO
CISSP Practice Question (Domain 6: Security Assessment and Testing)
Your organization passes its annual SOC 2 Type II audit with no findings. Two months later, a penetration test reveals a critical vulnerability in a customer-facing application that has existed for over a year. The board questions why the audit missed it. What is the BEST explanation?

A. The penetration testing firm used more advanced techniques than the SOC 2 auditors
B. SOC 2 evaluates control design and operating effectiveness, not technical vulnerability discovery
C. The audit scope was improperly defined and should have included application testing
D. The auditors failed to meet professional due diligence standards

Come back for the answer tomorrow, or study more now!
1 like • 20h
B
Introductions
Welcome to the group! Please share what you hope to gain from being here, and for fun, tell us the best piece of advice you've ever received!
0 likes • 20h
I am working to get my CISSP. The best advice I can remember is "be happy, move on fast when things are chaotic".
@david-terrazas-8761
Cyber Security Leader

Active 7h ago
Joined Mar 29, 2026