CISSP Exam - Question 241


An organization with divisions in the United States (US) and the United Kingdom (UK) processes data comprised of personal information belonging to subjects living in the European Union (EU) and in the US. Which data MUST be handled according to the privacy protections of General Data Protection Regulation (GDPR)?

Correct Answer: B

The General Data Protection Regulation (GDPR) applies to the personal data of individuals who reside within the European Union. This includes all EU residents, regardless of their citizenship. The regulation aims to protect the privacy and personal data of individuals living in the EU, and it applies to any organization that processes their data, regardless of where the organization is located. Therefore, the data that must be handled according to the privacy protections of GDPR are those of EU residents.

Discussion

17 comments
ygc Option: B
Sep 13, 2022

B is correct, GDPR is for all EU residents.

GregP
Sep 15, 2022

agree. B seems to be more correct

jackdryan
May 13, 2023

B is correct

629f731
Jan 11, 2024

Applies to EU citizens whether you live there or not, you can be in Haiti and the GDPR still protects you

ap0ls
Mar 20, 2024

agree. it's for residents

BDSec Option: D
Sep 24, 2022

Citizens. D. Residents are protected by EU companies.

maawar83
Dec 29, 2023

Agree Good Thinking.

The1BelowAll Option: B
Apr 18, 2023

Both the personal data of EU citizens and EU residents must be handled according to the privacy protections of GDPR, regardless of the location of the organization processing the data. Therefore, option B is correct.

Mann0302 Option: D
Nov 14, 2022

D is the answer according to the official book chap 5 pg 210.

Jay327 Option: B
Nov 15, 2022

Question refers to subjects "living" in the European Union (EU) and in the US. No mention of citizenship about the subjects living in the US, they could be American. Focus on people living in the EU only.

BP_lobster Option: B
Nov 17, 2022

GDPR applies to data subjects situated in the EU (not restricted to EU citizens). Exact wording; “This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union” https://gdpr.eu/article-3-requirements-of-handling-personal-data-of-subjects-in-the-union/ https://www.ashurst.com/en/news-and-insights/legal-updates/territorial-scope-of-the-gdpr---where-does-the-boundary-lie/

ringoru Option: B
Dec 18, 2022

Answer is B. The article below confirms this. https://thorteaches.com/cissp-d1-preview-general-data-protection-regulation-gdpr/#:~:text=The%20General%20Data%20Protection%20Regulation,the%20EU%20and%20EEA%20areas. "it covers all the people that live in the EU, not just the citizens, everybody who is there. But then if you are an EU citizen and you live outside the EU, it does not cover you. You have to be physically present in the EU."

Delab202 Option: B
Dec 25, 2022

GDPR The General Data Protection Regulation applies to all organizations that do business or market to European Union residents, even businesses with no physical EU presence. It addresses how the private data of EU residents is collected, secured, and used.

rajkamal0 Option: B
Dec 28, 2022

I go with B - EU residents.

oudmaster Option: B
Dec 28, 2022

CISSP Official Guide 9th Edition: A major difference between the GDPR and the data protection directive is the widened scope of the regulation. The new law applies to all organizations that collect data from EU residents or process that information on behalf of someone who collects it. Importantly, the law even applies to organizations that are not based in the EU, if they collect information about EU residents.

Moose01 Option: B
May 18, 2023

B - Scope, penalties, and key definitions First, if you process the personal data of EU citizens or residents, or you offer goods or services to such people, then the GDPR applies to you even if you’re not in the EU. https://gdpr.eu/what-is-gdpr/

jegga Option: B
May 19, 2023

B. GDPR is concerned about data within the EU, and it doesn't mean just the citizen alone.

74gjd_37 Option: B
Sep 24, 2023

Only EU residents, regardless of citizenship, are protected by GDPR. EU citizens who are outside the EU (e.g., in the U.S.) are not protected by GDPR.

629f731 Option: D
Jan 11, 2024

GDPR is concerned with the protection of the personal data of EU citizens, and organizations processing such data must comply with GDPR regulations, regardless of the organization's physical location.

gjimenezf Option: B
Jan 20, 2024

GDPR applies to residents and citizens of the EU; you can assume a citizen is also a resident. GDPR applies too to EU citizens living outside the EU.

pete79 Option: B
Feb 9, 2024

...it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. https://gdpr.eu/what-is-gdpr/

f143c37 Option: D
Jun 10, 2024

GDPR is specifically designed to protect the personal information of EU citizens and residents. Therefore, it only applies to EU citizens and residents inside the EU. However, it also applies to all companies that process the personal data of EU citizens, regardless of whether or not a company is based in the EU.