Certified Information Systems Security Professional (CISSP) — Question 195
An application developer is developing a web application that will store and process personal information of European Union (EU) residents. Which of the following security principles, explicitly specified in the General Data Protection Regulation (GDPR), should the developer apply to safeguard the personal information in the application?
Answer options
- A. Authorization
- B. Tokenization
- C. Pseudonymization
- D. Authentication
Correct answer: C
Explanation
Pseudonymization is specifically mentioned in the GDPR as a technique to protect personal data by replacing identifying fields with artificial identifiers. While Authorization, Tokenization, and Authentication are important security measures, they do not address the specific requirement of reducing the risk associated with personal data exposure as effectively as Pseudonymization does.