A firm with global clients wants to follow a broad legal requirement that enforces protections for individuals' personal data and privacy rights across multiple jurisdictions. Which regulation or standard best satisfies these obligations?
Payment Card Industry Data Security Standard focusing on transaction oversight
NIST SP 800-53 emphasizing federal requirements
Open Source Security Testing Methodology Manual targeting assessment strategies
GDPR reflecting various obligations for individual rights
The General Data Protection Regulation (GDPR) is an EU regulation with extraterritorial scope: organizations anywhere in the world that offer goods or services to, or monitor the behavior of, individuals in the EU/EEA must comply. It establishes strict rules on how personal data is collected, processed, and protected, directly safeguarding data-subject rights.
NIST SP 800-53 provides security and privacy controls primarily for U.S. federal information systems, not a global privacy mandate.
The Open Source Security Testing Methodology Manual (OSSTMM) is a security-testing methodology for planning and conducting assessments, not a regulatory requirement governing individual rights.
The Payment Card Industry Data Security Standard (PCI DSS) focuses on securing payment-card transactions, not on comprehensive personal-data rights.