Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations? 

Answer options:

A. Create an inventory of systems where personal data is stored.
B. Encrypt all personal data stored on systems and networks.
C. Evaluate privacy technologies required for data protection.
D. Update disciplinary processes to address privacy violations.

C