Developing Applications Using Cisco Core Platforms and APIs (DEVCOR) — Question 314

What is a well-defined concept for GDPR compliance?

Answer options

• A. Data subjects can require that the data controllers erase their personal data.
• B. Personal data that was collected before the compliance standards were set do not need to be protected.
• C. Compliance standards apply to organizations that have a physical presence in Europe.
• D. Records that are relevant to an existing contract agreement can be retained as long as the contract is in effect.

Correct answer: A

Explanation

Option A is correct as it highlights the right of data subjects to request the deletion of their personal data, which is a key aspect of GDPR. Option B is incorrect because all personal data, regardless of when it was collected, must adhere to GDPR protections. Option C is misleading; while organizations with a physical presence in Europe must comply, GDPR also applies to those outside Europe that process data of EU residents. Option D is also wrong as it misrepresents the retention rules under GDPR, which require data minimization and justification for retention beyond contractual obligations.