CompTIA Security+ (SY0-601) — Question 259
A company received a “right to be forgotten” request. To legally comply, the company must remove data related to the requester from its systems. Which of the following is the company MOST likely complying with?
Answer options
- A. NIST CSF
- B. GDPR
- C. PCI DSS
- D. ISO 27001
Correct answer: B
Explanation
The correct answer is B, GDPR, because it specifically gives individuals the right to request the deletion of their personal data. The other options (NIST CSF, PCI DSS, and ISO 27001) do not focus on the right to be forgotten; they are broader frameworks for security and data protection.