Information Technology Specialist (ITS) Cybersecurity Practice Exam

Which legal regulatory framework must a U.S. company comply with to protect customer privacy when dealing with a company in Germany?

• A. HIPAA
• B. GDPR
• C. FERPA
• D. SOX

The correct answer is: GDPR

The General Data Protection Regulation (GDPR) is the correct legal regulatory framework that a U.S. company must comply with when dealing with customer data in Germany. The GDPR is a comprehensive data protection law enacted by the European Union, which came into effect in May 2018. It establishes stringent requirements for the processing and storage of personal data of individuals within the EU, regardless of where the data is processed or the company is located. When a U.S. company interacts with customers in Germany, it must adhere to the principles outlined in the GDPR, including obtaining explicit consent for data processing, ensuring data protection rights such as access, rectification, and erasure, and maintaining the security of personal data. Non-compliance can lead to significant fines and legal repercussions, highlighting the importance of understanding and implementing GDPR requirements for any business engaging with European customers. The other options pertain to different areas of regulation. HIPAA focuses on healthcare information privacy in the U.S., FERPA deals with educational records, and SOX governs financial practices and reporting for public companies. These regulations, while important in their respective fields, do not address personal data protection and customer privacy under the jurisdiction of the GDPR.