A company received a “right to be forgotten” request. To legally comply, the company must remove data related to the requester from its systems. Which of the following is the company MOST likely complying with?
A company received a “right to be forgotten” request. To legally comply, the company must remove data related to the requester from its systems. Which of the following is the company MOST likely complying with?
The 'right to be forgotten' is a concept primarily associated with the General Data Protection Regulation (GDPR). The GDPR is a regulation enacted by the European Union that governs the protection of personal data. Specifically, Article 17 of the GDPR provides individuals with the right to have their personal data erased under certain conditions, making legal compliance with such requests a requirement for organizations operating under its jurisdiction.
The right to be forgotten appears in Recitals 65 and 66 and in Article 17 of the GDPR. It states, “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay”
Yes. Agre
So much material on this test. I cannot imagine reading all of those and knowing the answer on test day
not that hard lol
For some people it is and I don't think that this comment is very constructive. Yes, this particular question was pretty easy for me but I have seen other questions that people consider easy that I haven't ever heard of. We are all at different points in our studying and some of us have a lot harder time reading textbooks and absorbing information.
The best way for me at least is not to use books. I personally suck with books so if your not great with books and reading to learn use prof Messer, this dump, and a lot of sims if u mainly are visual/hands on. Books won't really help if you learn with hands on/visually.
I passed the AZ900 just by using this site and with no prior knowledge. I did have to research what everything was, but my brain knew it was necessary information and motivated itself.
The "right to be forgotten" is a provision established by the GDPR, which is a comprehensive data protection regulation enacted by the European Union (EU). Under the GDPR, individuals have the right to request the erasure of their personal data from the systems of organizations that process their data. This right allows individuals to have control over their personal information and the ability to request its removal when certain conditions are met. Complying with a "right to be forgotten" request involves identifying and removing all personal data related to the requester from the company's systems, ensuring that the data is no longer accessible or traceable. GDPR imposes strict requirements on organizations regarding the protection and handling of personal data, including the rights of data subjects such as the right to erasure (right to be forgotten).
"The General Data Protection Regulation (GDPR) governs how personal data must be collected, processed, and erased. The “right to be forgotten,” which received a lot of press after the 2014 judgment from the EU Court of Justice, set the precedent for the right of erasure provision contained in the GDPR." https://gdpr.eu/right-to-be-forgotten/
Sad part is that I knew the answer was GDPR because Americans have no right to be forgotten. All our data are belong to Uncle Sam.
now I will never forget this question.
NIST CSF Identify Function: "CCPA (California Consumer Privacy Act) and GDPR (General Data Protection Regulation) both have provisions that allow a consumer to know what kind of information is being collected and who it is being sold or transferred to, along with other provisions, such as a right to be forgotten (i.e., have the data deleted). " Since this question says nothing about the EU, or the customers being from Europe specifically, id probably go with Answer A. as it covers the same content, but more appropriate to the context of the question. I don't disagree that GDPR covers it, just that its not exactly the best answer considering the question, hope that helps.
actually correction, after considering it more, its probably GDPR. since the company is being obligated to "legally comply" it cannot be NIST CSF, since that is a voluntary framework. if there was an option for CCPA, id definitely select that given the absence of anything related to Europe, but given that there is not, the other users are most likely correct. sorry for the confusion, but hope that information above is still helpful in some way.
B. GDPR
In Article 17, the GDPR outlines the specific circumstances under which the right to be forgotten applies. An individual has the right to have their personal data erased if: The personal data is no longer necessary for the purpose an organization originally collected or processed it.
GDPR is europe only so we have to assume region, great.
The ''right to be forgotten'' is only provisioned by GDPR, none of the other options cover this right.
Although the GDPR indicates that people have a “right to be forgotten,” that right is not absolute.