During a risk assessment for an online retailer headquartered in Germany and serving customers across the EU, you are asked which legal framework specifically requires the company to notify a supervisory authority of a personal data breach within 72 hours and allows penalties of up to 4 percent of global turnover. Which regulation applies?
Gramm-Leach-Bliley Act (GLBA)
General Data Protection Regulation (GDPR)
Health Insurance Portability and Accountability Act (HIPAA)
Payment Card Industry Data Security Standard (PCI DSS)
The General Data Protection Regulation (GDPR) is the EU-wide privacy law that governs the processing of personal data of EU residents. Article 33 mandates that a data controller must notify the competent supervisory authority of a personal data breach within 72 hours of becoming aware of it. Article 83 authorizes administrative fines of up to 20 million EUR or 4 percent of the organization's total worldwide annual turnover, whichever is higher. PCI DSS is an industry security standard, not a law, and it does not impose a statutory breach-notification window or percentage-of-turnover fines. HIPAA applies only to protected health information in the United States, and the Gramm-Leach-Bliley Act focuses on U.S. financial institutions; neither matches the described 72-hour requirement or fine structure. Therefore, GDPR is the only option that fulfills both conditions in the scenario.
Certified Ethical Hacker (CEH)
Information Security and Ethical Hacking Overview