Which of the following indicates a risk of non-compliance with data protection regulations?

Failure to document data processing activities indicates a risk of non-compliance with data protection regulations because proper documentation is crucial for demonstrating accountability and transparency in data handling. Regulations such as the General Data Protection Regulation (GDPR) and others often require organizations to maintain records of their data processing activities, allowing them to provide evidence of compliance during audits or assessments.

Without proper documentation, a company may fail to identify how data is collected, used, and shared, making it difficult to respond to inquiries from regulators or to verify that they are respecting the rights of individuals. This can lead to significant compliance risks, including potential fines and reputational damage.

In contrast, regularly clearing old data, utilizing encryption for sensitive information, and updating privacy policies are all practices that contribute positively toward data protection compliance and are proactive measures that enhance an organization's data governance framework.