You have been engaged to conduct a penetration test on a web application hosted in the European Union. This application processes payment transactions and handles personal user data. Ensuring that your testing methodology is compliant with all relevant legal frameworks, what is the BEST course of action to take during the planning phase?
Identify all regulatory frameworks pertinent to the processing of financial transactions and personal data within the application's jurisdiction to define compliant testing strategies.
Proceed with the penetration test by targeting common vulnerabilities, prioritizing the discovery of security issues over adherence to specific legal requirements.
Recommend that the application should be moved to a data center in another region with less restrictive data protection laws to simplify testing procedures.
Limit the scope of the penetration test to only manual techniques on the premise that automated testing could infringe on data protection policies.