CISSP Practice Question – Legal & Compliance (Privacy & Data Protection)
A global e-commerce company processes customer payment information from multiple regions, including the European Union and the United States. During a routine audit, it is discovered that EU customer data is being stored on U.S.-based servers without a proper legal mechanism in place to validate the transfer.
Which of the following actions should the organization take FIRST to comply with privacy and data protection requirements?
A. Encrypt all stored EU customer data using AES-256 encryption.
B. Implement Standard Contractual Clauses (SCCs) or another approved transfer mechanism.
C. Anonymize all EU customer data before storage in the U.S.
D. Notify the affected EU customers and supervisory authority of the violation.
Answer tomorrow! Study more at cissp.app
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group