Global Service Deployment and GDPR Compliance | Exam CAS-004: CompTIA CASP+

Ensuring GDPR Compliance for Global Service Deployment

Question

A company is preparing to deploy a global service.

Which of the following must the company do to ensure GDPR compliance? (Choose two.)

Answers

Explanations

A. B. C. D. E. F.

AB.

https://gdpr.eu/compliance-checklist-us-companies/
* Conduct an information audit for EU personal data

Confirm that your organization needs to comply with the GDPR. First, determine what personal data you process and whether any of it belongs to people in the EU. If you do process such data, determine whether “the processing activities are related to offering goods or services to such data subjects irrespective of whether connected to a payment.” Recital 23 can help you clarify whether your activities qualify as subject to the GDPR. If you are subject to the GDPR, continue to the next steps.

* Inform your customers why you're processing their data

To ensure compliance with the General Data Protection Regulation (GDPR) when deploying a global service, the company must take the following two actions:

  1. Inform users regarding what data is stored: GDPR requires companies to be transparent about the collection, use, and storage of personal data. Companies must inform users about the personal data they collect, how it will be used, who will have access to it, and how long it will be retained. This information should be presented in a clear and concise manner that is easily accessible to users.

  2. Provide data deletion capabilities: GDPR grants users the "right to be forgotten," which means that they can request that their personal data be deleted. Companies must provide users with a way to delete their data, and must also have policies and procedures in place to ensure that deleted data is removed from all systems and backups.

The other answer choices are not directly related to GDPR compliance:

B. Provide opt-in/out for marketing messages: While GDPR does require companies to obtain explicit consent from users before sending marketing messages, this is not the main focus of GDPR compliance.

D. Provide optional data encryption: While data encryption can be an effective security measure, it is not a requirement for GDPR compliance.

E. Grant data access to third parties: GDPR places strict requirements on data sharing with third parties, and companies must ensure that such sharing is done in a secure and compliant manner. However, granting data access to third parties is not a requirement for GDPR compliance.

F. Provide alternative authentication techniques: While strong authentication measures are important for security, they are not directly related to GDPR compliance.