CISA QUESTION #6855
Question 1
During a privacy compliance audit, an auditor discovers that customer consent forms are collected but not stored in an accessible system. When customers request data deletion, the organization cannot verify what consent was originally provided. What is the PRIMARY compliance risk?
  • Inefficient storage
  • Inability to demonstrate consent and honor data subject rights per privacy regulations ✔️
  • Poor document management
  • Increased manual effort
Correct Answer Explanation
Privacy regulations like GDPR require organizations to demonstrate a lawful basis for processing (consent) and to honor data subject rights (deletion requests). Without accessible consent records, the organization cannot prove that processing was lawful and cannot properly respond to deletion requests, which creates a significant risk of regulatory violation.