CREST Practitioner Security Analyst (CPSA) 2025 – 400 Free Practice Questions to Pass the Exam

The General Data Protection Regulation (GDPR) is a landmark regulation in the European Union (EU) that is specifically designed to protect the personal data of individuals. Implemented in May 2018, GDPR sets stringent guidelines for data collection, storage, and processing, ensuring that individuals have enhanced rights over their personal data.

One of the key aspects of GDPR is its focus on privacy and security. It requires organizations to handle personal data with consent and provides individuals with rights such as the right to access their data, the right to rectify inaccuracies, and the right to erase data, often referred to as the "right to be forgotten." GDPR also imposes heavy penalties on organizations that fail to comply with its provisions, emphasizing its importance in safeguarding personal data.

In the context of the other options: FISMA is focused primarily on federal information security in the United States, PCI DSS pertains to payment card industry standards for securing credit card information, and GLBA is related to financial institutions' handling of consumers' personal financial information. These regulations serve different purposes and do not provide the broad scope of personal data protection that GDPR does within the EU.