Certified Secure Software Lifecycle Professional Practice Exam 2025 - Free Practice Questions and Study Guide

Question: 1 / 400

Which legal framework governs personal data processing in the EU?

The Gramm-Leach-Bliley Act (GLBA)

The Health Insurance Portability and Accountability Act (HIPAA)

The EU General Data Protection Regulation (GDPR)

The Sarbanes-Oxley Act (SOX)

The correct answer is the EU General Data Protection Regulation (GDPR). This regulation serves as the cornerstone of data protection and privacy laws across European Union member states. Implemented in May 2018, the GDPR establishes a comprehensive legal framework regarding the processing of personal data, enhancing individuals' rights and offering them greater control over their personal information.

It covers various aspects of data processing, including the requirements for obtaining valid consent, data breach notifications, the rights of individuals to access their data, and the responsibilities of organizations that handle personal data. The GDPR also imposes significant penalties for non-compliance, reinforcing its importance in protecting personal data in the EU.

In contrast, the other options listed pertain to specific sectors or regions and do not govern personal data processing in the EU. The Gramm-Leach-Bliley Act focuses on financial institutions in the United States, the Health Insurance Portability and Accountability Act is centered around the healthcare sector in the U.S., and the Sarbanes-Oxley Act pertains to corporate governance and financial reporting in the U.S. These frameworks do not address the comprehensive regulations on personal data processing as established by the GDPR.
