Certificate of Cloud Auditing Knowledge (CCAK) — Question 209
An external auditor is auditing a global organization located in Portugal that does business with a US-based organization in California. The auditor should verify that the global organization complies with which of the following regulations?
Answer options
- A. SOC 2
- B. GDPR
- C. HIPAA
- D. CCPA
Correct answer: B
Explanation
The correct answer is B, GDPR, because it applies to organizations operating within the EU and handling personal data of EU citizens. SOC 2 (A) relates to service organizations and their data-handling practices, HIPAA (C) pertains to healthcare data in the US, and CCPA (D) is specific to California residents, so these three are irrelevant for a global organization based in Portugal.