Which of the following best describes the main goal of the General Data Protection Regulation (GDPR)?
Think about what GDPR stands for and who it protects.
The GDPR is designed to protect the personal data and privacy rights of individuals in the EU, ensuring organizations handle data responsibly.
Under GDPR, which principle states that personal data must be collected for clear and legitimate reasons?
Consider the principle that limits why data can be collected.
Purpose limitation means data should only be collected for specific, explicit, and legitimate purposes, not for anything else.
According to GDPR, what is the consequence if an organization does not notify the relevant authority about a personal data breach within 72 hours?
Think about GDPR's enforcement and penalties for non-compliance.
GDPR requires timely breach notification; failure to comply can result in significant fines to encourage accountability.
Under GDPR, which right gives people the ability to ask organizations to erase their personal data?
Consider the right that involves removing data completely.
The right to erasure, also called the right to be forgotten, allows individuals to have their personal data deleted under certain conditions.
Which statement best explains how GDPR applies to companies located outside the European Union?
Think about who GDPR protects and when it applies.
GDPR protects EU residents' data and applies to any company processing their data, even if the company is outside the EU.