CompTIA CASP+ (CAS-004) — Question 588

A company based in the United States holds insurance details of EU citizens. Which of the following must be adhered to when processing EU citizens' personal, private, and confidential data?

Answer options

• A. The principle of lawful, fair, and transparent processing
• B. The right to be forgotten principle of personal data erasure requests
• C. The non-repudiation and deniability principle
• D. The principle of encryption, obfuscation, and data masking

Correct answer: A

Explanation

The correct answer is A, as the General Data Protection Regulation (GDPR) emphasizes lawful, fair, and transparent processing of personal data. Option B, while important, pertains specifically to the right to data erasure, which is not the overarching principle. Options C and D do not directly relate to the GDPR's core principles for processing personal data.