🔥 3-day streak
CompTIA SecurityX (CAS-005)25 / 120
Question 25 of 120

A retailer wants to use existing customer purchase history to send targeted product recommendations via email. The DPO must document the appropriate GDPR lawful basis before the marketing team launches the campaign. The customers were not asked for marketing consent at signup, and the retailer believes the processing is reasonably expected by customers but wants to avoid over-relying on consent. Which action should the DPO take to establish a defensible lawful basis for this processing?

Reviewed for accuracy · Report an issueNext question