Which statement best describes data privacy governance?

Controlling who can access data is the enforcement backbone of data privacy governance. Access controls turn policies, DPIAs, and consent requirements into real protections by restricting data exposure to those with a legitimate need and by logging what is accessed or modified. They operationalize privacy by design and compliance measures, making sure intentions become actions across systems. Without strong access controls, policies and assessments exist in theory but cannot prevent unauthorized access or data misuse, so governance cannot be effective in practice. Other elements like policies, DPIAs, and design principles guide what should happen, but access controls are the essential mechanism that actually enforces privacy governance.