When developing information security policies and controls for a multinational organization, which set of legal and regulatory requirements must be considered to ensure full compliance?
Only the organization's local municipal or state laws
All applicable local, national, and international laws and regulations
Only international treaties, ignoring local and national statutes
Only the national (federal) laws of the country where headquarters is located
Organizations need to account for the complete legal landscape that applies to their operations and data, including all relevant local, national, and international laws and regulations. Global requirements such as the EU GDPR have extraterritorial reach and can impose significant penalties (up to €20 million or 4% of worldwide annual turnover) for non-compliance. Focusing only on local or national statutes, or exclusively on international treaties, would leave important obligations unmet and expose the organization to fines, sanctions, and reputational damage.