Certified Cloud Security Professional (CCSP) Practice Exam 2025 - Free CCSP Practice Questions and Study Guide

The European Union General Data Protection Regulation (GDPR), established in 2018, includes significant provisions that emphasize the right to be forgotten, which allows individuals to request the deletion of their personal data under certain conditions. This regulation enhances individuals' control over their personal data and mandates organizations to comply with requests when the data is no longer necessary, when consent is withdrawn, or when data has been processed unlawfully, among other conditions.

Furthermore, GDPR imposes stringent penalties for non-compliance, which can significantly increase sanctions on organizations that fail to protect personal data or violate individuals' rights. Fines can reach up to €20 million or 4% of a company's global annual revenue, whichever is higher. This strong punitive framework aims to ensure that organizations prioritize data protection and respect individuals' privacy rights.

In contrast, the other options relate to different regulatory frameworks that do not center around the right to be forgotten or related sanctions in a similar manner—GLBA focuses on financial privacy, SOX deals with corporate governance and financial disclosures, and HIPAA addresses the confidentiality of health information.