A firm with global clients wants to follow a broad legal requirement that enforces protections for individuals' personal data and privacy rights across multiple jurisdictions. Which regulation or standard best satisfies these obligations?
GDPR reflecting various obligations for individual rights
Open Source Security Testing Methodology Manual targeting assessment strategies
Payment Card Industry Data Security Standard focusing on transaction oversight
The General Data Protection Regulation (GDPR) is an EU regulation with extraterritorial scope: organizations anywhere in the world that offer goods or services to, or monitor the behavior of, individuals in the EU/EEA must comply. It establishes strict rules on how personal data is collected, processed, and protected, directly safeguarding data-subject rights.
NIST SP 800-53 provides security and privacy controls primarily for U.S. federal information systems, not a global privacy mandate.
The Open Source Security Testing Methodology Manual (OSSTMM) is a penetration-testing methodology, not a regulatory requirement for individual rights.
The Payment Card Industry Data Security Standard (PCI DSS) focuses on securing payment-card transactions, not on comprehensive personal-data rights.