Exam CAS-004 topic 1 question 6 discussion

I would go with A and C as Erasure is part of GDPR compliance. A citizen has the right to request their data be deleted.

GDPR requires, Transparency on data you collect and store. Furthermore users need to have the an option to completely erase or copy their data if they decide opt out

A. Inform users regarding what data is stored: Under GDPR, one of the core principles is transparency. Organizations must clearly inform users about what personal data is being collected, stored, and how it will be used. This ensures that data subjects are aware of the data processing activities affecting their personal data. C. Provide data deletion capabilities: GDPR grants data subjects the "right to be forgotten," which means they can request the deletion of their personal data under certain circumstances. Ensuring that users can have their data deleted is a critical requirement for GDPR compliance.

A. Inform users regarding what data is stored: Under GDPR, one of the core principles is transparency. Organizations must clearly inform users about what personal data is being collected, stored, and how it will be used. This ensures that data subjects are aware of the data processing activities affecting their personal data.

GDPR allows data to be requested for erasure and it is required to notify users how their information will be used, processed, and stored. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

To ensure GDPR (General Data Protection Regulation) compliance when deploying a global service, the company should consider the following options: A. Inform users regarding what data is stored: This is a key requirement under GDPR. Companies must be transparent about the data they collect, process, and store. Providing users with information about the types of data being stored and the purposes for which it is used is crucial for compliance. C. Provide data deletion capabilities: GDPR gives individuals the right to have their personal data erased under certain conditions. Therefore, the company should implement mechanisms to allow users to request the deletion of their data, and the company must comply with such requests in a timely manner.

Based on this site: https://advisera.com/articles/a-summary-of-10-key-gdpr-requirements/#:~:text=GDPR%20lays%20out%20responsibilities%20for%20organisations%20to%20ensure,an%20organisation%20is%20not%20complying%20with%20GDPR%20requirements. Going with A and C A: From "Lawful, fair and transparent processing" Transparent means that companies must inform data subjects about the processing activities on their personal data. C: From "Data subject rights" The data subjects have been assigned the right to ask the company what information it has about them, and what the company does with this information. In addition, a data subject has the right to ask for correction, object to processing, lodge a complaint, or even ask for the deletion or transfer of his or her personal data. I see nothing regarding opting in or out of marketing.

A. Inform users regarding what data is stored: GDPR mandates transparency about data processing. Companies must inform users about what data is being collected, how it will be used, and who it will be shared with. C. Provide data deletion capabilities: Under GDPR, individuals have the right to be forgotten. This means companies must provide users with the ability to request the deletion of their personal data.

The correct answers are (A and B)

A and B are most correct.

The assumption is that this worldwide system is deliberately marketed at EU people. If so, A&C are the answers. If the system is not targeted at EU citizens (even if they could possibly use it), GDPR would not apply; 'worldwide' is a big place, covering lots of jurisdictions.

When it comes to GDPR, the answer is AC

A,B Opt in/out is a thing under GDPR 22. Deletion capabilities have further requirements. Transparency is a no brainer.

GDPR does require now to have an opt-in/out for marketing messages. C although sounds correct it is not, you are not required to provide a capability to erase date, you just need to provide a way for user to request date. Capability means they can erase their own data but that is not true you will have to request through legal department to have all your data erased for update on the email GDPR see link below https://www.zettasphere.com/gdpr-consent-opt-in-examples/

GDPT A and C

B only refers to Spam.

A and C since opt out of spam is not part of the GDPR.