Summary
This chapter discussed the importance of internal and external auditing as it relates to compliance, along with the consequences of non-compliance. This included a review of due diligence and care practices and data privacy maintenance, as well as the legal implications of non-compliance with privacy laws such as GDPR and HIPAA. Finally, you explored various data roles and how compliance affects them as they carry out their duties, as well as GDPR’s “right to be forgotten” clause.
The knowledge gained in this chapter will prepare you to answer any questions relating to Exam Objective 5.4 in your CompTIA Security+ certification exam.
The next chapter of the book is Chapter 27, Explain types and purposes of audits and assessments.