9.1.3 - Regulatory Compliance

Flashcards covering key terms and definitions related to regulatory compliance, data protection legislation, and privacy laws.

10 Terms

1

Regulatory Compliance

Externally determined requirements that organizations must follow, especially in certain industries or when processing specific types of data.

2

Personally Identifiable Information (PII)

Data that can identify, contact, locate, or describe an individual, such as SSN, name, birth date, etc.

3

General Data Protection Regulation (GDPR)

EU regulation that governs the collection and processing of personal data, requiring informed consent and giving data subjects rights regarding their data.

4

Informed Consent

The requirement that data must be collected and processed only for a clearly stated purpose, explained in plain language.

5

Data Sovereignty

Legal concept where processing and storage of data are restricted based on physical location, affecting rights and privacy.

6

Data Locality

Establishment of storage and processing boundaries based on national or state borders to comply with local privacy regulations.

7

Payment Card Industry Data Security Standard (PCI DSS)

Security standard for organizations that handle credit card information, requiring specific protections for cardholder data.

8

Cardholder Data Environment (CDE)

The part of a payment processing system that stores, processes, or transmits cardholder data and must comply with PCI DSS.

9

Data Breach Notification Procedures

The policies required to inform customers about data breaches involving their personal information.

10

Contractual Safeguards

Measures put in place to extend rights under GDPR when transferring data to jurisdictions with inadequate privacy regulations.