Assess learners' ability to apply GDPR and CCPA principles and appropriate organizational controls to design a compliant customer data handling workflow. Scope: identify lawful bases and consent requirements, map data flows, apply data minimization and purpose limitation, define retention and deletion practices, handle individual rights/DSARs, plan breach response and cross‑border transfers, manage vendor risk and DPIAs, specify technical and organizational controls (access controls, encryption, logging, training, governance), and produce a brief workflow outline with justification and key compliance metrics.