Learn which data protection regulation, GDPR, PCI DSS, NIST or ISO, governs individual rights like the right to be informed, right of access and right to be forgotten.
Question
Which of the following addresses individual rights such as the right to be informed, the right of access, and the right to be forgotten?
A. GDPR
B. PCI DSS
C. NIST
D. ISO
Answer
A. GDPR
Explanation
GDPR is a comprehensive data protection law that went into effect in the European Union (EU) in May 2018. It strengthens data protection for individuals within the EU and addresses the export of personal data outside the EU.
Key individual rights provided by GDPR include:
- Right to be informed: Organizations must provide transparency about how personal data will be used
- Right of access: Individuals can request a copy of their personal data
- Right to rectification: Individuals can have inaccurate data corrected
- Right to erasure (“right to be forgotten”): Individuals can request deletion of their data
- Right to restrict processing: Individuals can limit how their data is used
- Right to data portability: Allows individuals to obtain and reuse their data across services
- Right to object: Individuals can object to processing of their data in certain circumstances
- Rights regarding automated decision making and profiling
The other options deal with different aspects of information security:
B. PCI DSS governs credit card data security
C. NIST provides cybersecurity standards and guidelines
D. ISO publishes international standards on a variety of topics
But GDPR is the regulation focused on protecting the data rights of individuals. Therefore, A is the correct answer to this question.
CompTIA SY0-701 certification exam practice question and answer (Q&A), including multiple choice questions (MCQ) and objective type questions, with detailed explanation and reference.