
CISSP Exam - Question 136


The European Union (EU) General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The Data Owner should therefore consider which of the following requirements?

Correct Answer: B

The European Union General Data Protection Regulation (GDPR) mandates that organizations implement suitable technical and organizational measures for data protection to ensure a level of security that matches the risk. Data masking and encryption of personal data are specific measures that align with GDPR's requirement to secure personal data against unauthorized access and potential breaches.

Discussion

7 comments
rdy4u (Option: B)
Oct 27, 2022

A data owner is responsible for the data within their perimeter in terms of its collection, protection and quality.

sphenixfire (Option: B)
Nov 8, 2022

Only possible regarding biz

Jamati (Option: A)
Nov 12, 2022

GDPR requires that all EU citizen data be stored within the EU.

Firedragon
Nov 15, 2022

Does GDPR data need to be stored in EU? The GDPR requires that all data collected on citizens must be either stored in the EU, so it is subject to European privacy laws, or within a jurisdiction that has similar levels of protection.

jackdryan
May 12, 2023

B is correct

74gjd_37 (Option: B)
Sep 23, 2023

Data masking and encryption of personal data are some of the measures that can be taken to ensure the security of personal data. However, the GDPR does not require organizations to store personal data of EU citizens only within the EU or use encryption protocols approved by the EU. In contrast, the Russian law of privacy requires companies to store personal data of Russian citizens on servers located within the territory of the Russian Federation. Failure to comply with this requirement may result in fines and other penalties. The GDPR does not impose such a requirement.

Bach1968 (Option: B)
Jul 6, 2023

The correct answer is B. Data masking and encryption of personal data. The EU General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational measures to ensure the security of personal data. Data masking and encryption are examples of such measures.

629f731 (Option: B)
Jan 9, 2024

Option A states "Never store personal data of European Union citizens outside the European Union." Although the international transfer of personal data outside the EU is subject to restrictions under the General Data Protection Regulation (GDPR), the law does not strictly prohibit the storage of EU citizens' data outside the region. Rather than outright prohibiting the storage of data outside the EU, the GDPR states that when personal data is transferred outside the European Union to non-EU countries, appropriate safeguards must be implemented to ensure an adequate level of data protection. These safeguards may include standard contractual clauses, the use of approved certification instruments, or the assessment of the adequacy of the recipient country in terms of data protection.

8b48948 (Option: D)
Apr 24, 2024

No way it's B "think like a manager" - has to be D.