CISSP Question #1413: Real Exam Question with Answer & Explanation

The correct answer is D: General Data Protection Regulation (GDPR).

Submitted by obi.ng · Mar 5, 2026 · Security and Risk Management

Question

Which of the following regulations dictates how data breaches are handled?

Options

  • A. Sarbanes-Oxley (SOX)
  • B. National Institute of Standards and Technology (NIST)
  • C. Payment Card Industry Data Security Standard (PCI-DSS)
  • D. General Data Protection Regulation (GDPR)

Explanation

The General Data Protection Regulation (GDPR) is a regulation that dictates how data breaches are handled, among other data protection and privacy requirements. The GDPR applies to any organization that processes the personal data of individuals in the European Union (EU), regardless of the location of the organization. The GDPR defines a personal data breach as "a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed". The GDPR requires the organization to notify the supervisory authority of the data breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of the individuals. The GDPR also requires the organization to notify the affected individuals of the data breach without undue delay, if the breach is likely to result in a high risk to their rights and

Topics

#GDPR · #data breach notification · #regulations · #privacy law
