
Isaca CCAK Exam - Topic 3 Question 72 Discussion

Actual exam question for Isaca's CCAK exam
Question #: 72
Topic #: 3
[All CCAK Questions]

An auditor is assessing a European organization's compliance. Which regulation is suitable if health information needs to be protected?

Suggested Answer: A

The General Data Protection Regulation (GDPR) is the regulation that is suitable if health information needs to be protected in the European Union. The GDPR provides the legal framework for the protection of personal data, including health data, and sets out directly applicable rules for the processing of the personal data of individuals [1]. The GDPR defines health data as personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status [2]. The GDPR applies to any organization that processes health data of individuals who are in the EU, regardless of where the organization is established [3].

The other options are not correct. Option B, DPIA, is incorrect because DPIA stands for Data Protection Impact Assessment, which is a process that helps organizations identify and minimize the data protection risks of a project or activity that involves processing personal data. A DPIA is not a regulation, but a tool or a requirement under the GDPR [4]. Option C, DPA, is incorrect because DPA stands for Data Protection Authority, which is an independent public authority that supervises, through investigative and corrective powers, the application of the data protection law. A DPA is not a regulation, but an institution or a body under the GDPR [5]. Option D, HIPAA, is incorrect because HIPAA stands for Health Insurance Portability and Accountability Act, which is a US federal law that provides data privacy and security provisions for safeguarding medical information. HIPAA does not apply to the EU, but to the US [6].

References:

1. European Health Data Space
2. Article 4 - Definitions | General Data Protection Regulation (GDPR)
3. Article 3 - Territorial scope | General Data Protection Regulation (GDPR)
4. Data protection impact assessment | European Commission
5. Data protection authorities | European Commission
6. What is HIPAA? - Definition from WhatIs.com


Contribute your Thoughts:

Fletcher
2 months ago
Surprised that people still mix these up!
upvoted 0 times
Terrilyn
2 months ago
I think DPIA is more relevant here.
upvoted 0 times
Flo
3 months ago
Wait, isn't HIPAA the one for health info?
upvoted 0 times
Ludivina
3 months ago
No way, it's all about GDPR!
upvoted 0 times
Lou
3 months ago
Definitely GDPR for health info!
upvoted 0 times
Crista
3 months ago
HIPAA is definitely for the US, so I don't think that's applicable here. I would lean towards GDPR as well.
upvoted 0 times
Lindsey
4 months ago
I feel like DPA might be involved too, but I can't recall the specifics. GDPR seems more focused on health data, though.
upvoted 0 times
Louvenia
4 months ago
I'm not entirely sure, but I remember something about DPIA being related to data protection assessments. Is that relevant here?
upvoted 0 times
Youlanda
4 months ago
I think GDPR is the right choice since it covers personal data protection in Europe, including health information.
upvoted 0 times
Antonio
4 months ago
I'm a bit confused on this one. Is DPIA or DPA also an option for protecting health information? I want to make sure I understand the differences between these regulations.
upvoted 0 times
Marge
4 months ago
Okay, let me think this through. GDPR is the main data privacy regulation in Europe, so that's probably the best answer here. I'll go with A.
upvoted 0 times
Raelene
5 months ago
Hmm, I'm not totally sure about this one. GDPR seems like the obvious choice, but I want to double-check the other options just to be safe.
upvoted 0 times
Kris
5 months ago
This seems straightforward - GDPR is the regulation that covers health information protection in Europe, so that's my best guess.
upvoted 0 times