Audits and Compliance: Data Locality, PCI DSS, and GDPR

Vocabulary flashcards covering key concepts from the notes on data locality, PCI DSS, GDPR, and audits/compliance.

14 Terms

1. Data locality

Geographic location where data is stored and processed; drives regulatory requirements and latency considerations.

2. Data sovereignty

Legal requirement that data generated within a country remains within its borders or is subject to that country's laws.

3. PCI DSS

Payment Card Industry Data Security Standard; contractual requirement (not a law) for entities that accept, process, store, or transmit cardholder data.

4. Cardholder Data Environment (CDE)

Part of the network that stores, processes, or transmits cardholder data; requires segmentation and strong controls.

5. GDPR

General Data Protection Regulation; EU regulation focusing on data protection and privacy; applies to EU/EEA entities and to non-EU organizations serving EU residents.

6. Data subject rights

Rights under GDPR, including the rights to be informed, of access, to rectification, to erasure, and to restriction of processing.

7. Data protection principles

GDPR principles such as data minimization, accuracy, storage limitation, integrity, and confidentiality.

8. Data Protection Impact Assessment (DPIA)

GDPR-required assessment to identify and mitigate privacy risks of processing operations.

9. Data Protection Officer (DPO)

Individual appointed to oversee data protection strategy and GDPR compliance.

10. Data breach response plan

Plan to detect, respond to, and recover from data breaches; essential for GDPR and PCI DSS compliance.

11. Continuous monitoring and auditing

Ongoing program to monitor data flows and access; includes regular audits for standards like PCI DSS and GDPR.

12. Risk assessment / risk management

Process to identify, assess, and mitigate the legal and compliance risks of storing or transferring data, based on where the data is located.

13. Latency and data proximity

Storing data close to end users to reduce latency and improve performance; may influence cloud region choice.

14. Policies and incident response

Written policies for data handling, access control, and incident response enforced across the organization.