CompTIA CASP+ (CAS-004) — Question 96

An organization collects personal data from its global customers. The organization determines how that data is going to be used, why it is going to be used, and how it is manipulated for business processes. Which of the following will the organization need in order to comply with GDPR? (Choose two.)

Answer options

• A. Data processor
• B. Data custodian
• C. Data owner
• D. Data steward
• E. Data controller
• F. Data manager

Correct answer: A, E

Explanation

The correct answers are A (Data processor) and E (Data controller) because these roles are essential for managing personal data under GDPR. A Data processor handles data on behalf of the Data controller, which is responsible for determining how and why personal data is processed. The other options, while relevant to data management, do not specifically address the compliance requirements outlined by GDPR.