CREST Practitioner Security Analyst (CPSA) Practice 2026 - Free CPSA Practice Questions and Study Guide

The correct answer, General Data Protection Regulation, refers to a comprehensive data protection law enacted by the European Union (EU) in May 2018. It aims to enhance individuals' control and rights over their personal data while simplifying the regulatory environment for international business by unifying data protection regulation within the EU. GDPR applies to all organizations processing the personal information of individuals residing in the EU, regardless of the organization's location. Its main objectives include increasing transparency about how personal data is used, improving data security, and granting individuals rights such as the right to access their data, the right to erasure, and the right to data portability.

The other options, while they contain terms related to data protection, do not accurately describe the legislation. "Global Data Privacy Regulation" suggests a worldwide scope that is not the specific intent of GDPR, which is focused on the EU. "General Data Privacy Rights" and "Global Data Protection Rules" do not reflect the actual title of the regulation and fail to convey the structured regulatory framework established under GDPR. Understanding the precise title of the regulation helps clarify its scope and implementation in data governance and privacy rights across the EU.