A company is preparing to deploy a global service.
Which of the following must the company do to ensure GDPR compliance? (Choose two.)
AC
Reference:
https://gdpr.eu/compliance-checklist-us-companies/
I would go with A and C as Erasure is part of GDPR compliance. A citizen has the right to request their data be deleted.
GDPR requires transparency on the data you collect and store. Furthermore, users need to have an option to completely erase or copy their data if they decide to opt out.
B only refers to Spam.
A and C since opt out of spam is not part of the GDPR.
When it comes to GDPR, the answer is AC
GDPR does now require an opt-in/out for marketing messages. C, although it sounds correct, is not: you are not required to provide a capability to erase data, you just need to provide a way for the user to request data. Capability means they can erase their own data, but that is not true; you will have to request through the legal department to have all your data erased. For an update on the email GDPR, see the link below: https://www.zettasphere.com/gdpr-consent-opt-in-examples/
This makes me not approve option C. Requests can be made by any means; there is no requirement for a request from a data subject to only be accepted when sent to a specific email address or to have a particular subject line. Organizations are then given a maximum of one calendar month to respond to the request. https://www.gdpreu.org/gdpr-requirements/ B is the right choice https://www.gdpreu.org/compliance/email-marketing/
GDPR: A and C
Winterz, which is why the answer is A and B; the option to opt out is within GDPR compliance.
A. Inform users regarding what data is stored: GDPR mandates transparency about data processing. Companies must inform users about what data is being collected, how it will be used, and who it will be shared with. C. Provide data deletion capabilities: Under GDPR, individuals have the right to be forgotten. This means companies must provide users with the ability to request the deletion of their personal data.
GDPR allows data to be requested for erasure and it is required to notify users how their information will be used, processed, and stored. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)
The assumption is that this worldwide system is deliberately marketed at EU people. If so, A&C are the answers. If the system is not targeted at EU citizens (even if they could possibly use it), GDPR would not apply; 'worldwide' is a big place, covering lots of jurisdictions.
The main rights for individuals under the GDPR are to: allow subject access; have inaccuracies corrected; have information erased; prevent direct marketing; prevent automated decision-making and profiling; allow data portability (as per the paragraph above). Source: https://www.clouddirect.net/11-things-you-must-do-now-for-gdpr-compliance/
The correct answers are (A and B)
A and B are most correct.
Based on this site: https://advisera.com/articles/a-summary-of-10-key-gdpr-requirements/#:~:text=GDPR%20lays%20out%20responsibilities%20for%20organisations%20to%20ensure,an%20organisation%20is%20not%20complying%20with%20GDPR%20requirements. Going with A and C. A: From "Lawful, fair and transparent processing": Transparent means that companies must inform data subjects about the processing activities on their personal data. C: From "Data subject rights": The data subjects have been assigned the right to ask the company what information it has about them, and what the company does with this information. In addition, a data subject has the right to ask for correction, object to processing, lodge a complaint, or even ask for the deletion or transfer of his or her personal data. I see nothing regarding opting in or out of marketing.
To ensure GDPR (General Data Protection Regulation) compliance when deploying a global service, the company should consider the following options: A. Inform users regarding what data is stored: This is a key requirement under GDPR. Companies must be transparent about the data they collect, process, and store. Providing users with information about the types of data being stored and the purposes for which it is used is crucial for compliance. C. Provide data deletion capabilities: GDPR gives individuals the right to have their personal data erased under certain conditions. Therefore, the company should implement mechanisms to allow users to request the deletion of their data, and the company must comply with such requests in a timely manner.
A, B. Opt in/out is a thing under GDPR 22. Deletion capabilities have further requirements. Transparency is a no-brainer.