A company is planning an AI service for Europe and is researching the regulations that apply. Which regulation strictly governs the handling of personal data within the EU, including the data subject's consent, rights, and cross-border transfers?


Explanation

This question asks you to pick the regulation that governs personal data protection in the EU. The key phrases in the question are:

  • "handling of personal data within the EU": points to the EU's personal data regulation
  • "strictly governs": strict data protection in the EU = GDPR
A (Incorrect)

HIPAA

HIPAA (Health Insurance Portability and Accountability Act) is a U.S. law concerning the protection of health information.

It is a personal data protection law, but its scope is U.S. health information, and the regulation that governs personal data within the EU in general is GDPR, so this is incorrect.

B (Incorrect)

PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is an industry standard that protects cardholder data.

It is specific to card information and is not a regulation for personal data within the EU in general, so this is incorrect.

C (Incorrect)

SOC 2

SOC 2 (System and Organization Controls 2) is a third-party reporting standard for the internal controls of a service organization.

It is not a legal regulation that governs the rights or cross-border transfers of personal data, so this is incorrect.

D (Correct)

GDPR

Correct. GDPR (General Data Protection Regulation) is a regulation that strictly governs the handling of personal data within the EU, including consent, rights, and cross-border transfers. Violations carry large fines.

Key Takeaway

Note the correct answer, GDPR (General Data Protection Regulation).
- A regulation that strictly governs the handling of personal data within the EU, including the data subject's consent, rights, and cross-border transfers.
- Violations carry large fines, and companies providing services to the EU must comply.