CISSP · Question #1384
The European Union (EU) General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the
The correct answer is A. Data masking and encryption of personal data. The GDPR is a regulation that aims to protect the privacy and security of the personal data of individuals in the EU. The GDPR requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The data own
Question
The European Union (EU) General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The Data Owner should therefore consider which of the following requirements?
Options
- AData masking and encryption of personal data
- BOnly to use encryption protocols approved by EU
- CAnonymization of personal data when transmitted to sources outside the EU
- DNever to store personal data of EU citizens outside the EU
How the community answered
(61 responses)- A82% (50)
- B5% (3)
- C3% (2)
- D10% (6)
Explanation
The GDPR is a regulation that aims to protect the privacy and security of the personal data of individuals in the EU. The GDPR requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The data owner, who is the person or entity that has the authority and responsibility for the personal data, should therefore consider data masking and encryption of personal data as possible technical measures. Data masking is a technique that replaces or obscures sensitive or identifying information in the personal data with fictitious or random data, such as replacing names with pseudonyms or masking credit card numbers with asterisks. Data encryption is a technique that transforms the personal data into an unreadable or unintelligible form using a secret key, such that only authorized parties with the correct key can access or decrypt the personal data. Data masking and encryption can protect the personal data from unauthorized access, disclosure, or modification, and reduce the impact of data breaches or leaks.
Topics
Community Discussion
No community discussion yet for this question.