🔥 3-day streak
CompTIA SecurityX (CAS-005)19 / 120
Question 19 of 120
A multinational retailer's SOC confirms that attackers exfiltrated a database containing EU residents' personal data and U.S. customers' payment card information. The CISO convenes a response meeting to determine notification obligations. Legal confirms the breach involves both personal data protected under GDPR and cardholder data governed by PCI DSS agreements with the acquiring bank. Which action correctly reflects the organization's regulatory and contractual notification obligations?
Reviewed for accuracy · Report an issueNext question