(ISC)2 Certified in Cybersecurity Practice Exam

Which law regulates the use of personal information belonging to residents of the European Union?

• A. HIPAA
• B. GDPR
• C. FERPA
• D. CCPA

The correct answer is: GDPR

The correct choice is GDPR, which stands for the General Data Protection Regulation. This regulation came into effect in May 2018 and is designed to enhance the protection of personal data for individuals within the European Union. It establishes strict guidelines for the collection, storage, processing, and sharing of personal information, ensuring that individuals have more control over their personal data. GDPR applies to all organizations that handle personal data of EU residents, regardless of where the organizations are located. This means that even companies outside of the European Union must comply with GDPR when they process the data of individuals in the EU. Key principles of GDPR include the requirement for explicit consent from individuals for data processing, the right to access personal data, the right to rectify data inaccuracies, and the right to request the deletion of personal data under certain conditions. In contrast, HIPAA is focused on healthcare information in the United States and protects the privacy and security of health information. FERPA pertains to the privacy of student education records and is relevant in the context of educational institutions in the U.S. CCPA, or the California Consumer Privacy Act, also provides data protection rights but is specific to California residents and does not encompass the entire European Union like GDPR does. Thus, GDPR is the appropriate regulation