When developing information security policies and controls for a multinational organization, which set of legal and regulatory requirements must be considered to ensure full compliance?
Only the organization's local municipal or state laws
Only international treaties, ignoring local and national statutes
Only the national (federal) laws of the country where headquarters is located
All applicable local, national, and international laws and regulations
Organizations need to account for the complete legal landscape that applies to their operations and data, including all relevant local, national, and international laws and regulations. Global requirements such as the EU GDPR have extraterritorial reach and can impose significant penalties for non-compliance (up to €20 million or 4% of worldwide annual turnover). Focusing only on local or national statutes, or exclusively on international treaties, would leave important obligations unmet and expose the organization to fines, sanctions, and reputational damage.