CompTIA Security+ (SY0-601) — Question 89

Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?

Answer options

• A. SSAE SOC 2
• B. PCI DSS
• C. GDPR
• D. ISO 31000

Correct answer: C

Explanation

The GDPR (General Data Protection Regulation) specifically outlines the roles and responsibilities of data controllers and processors to ensure data protection and privacy. In contrast, SSAE SOC 2 focuses on service organization controls, PCI DSS addresses payment card security, and ISO 31000 provides guidelines for risk management, which do not specifically cover data controller and processor roles.