Which regulation enforces rules for organizations collecting data on subjects in the European Union?

Prepare for the WGU ITAS6291 D488 Cybersecurity Architecture and Engineering exam. Use flashcards and multiple-choice questions, each with explanations and guidance. Master your knowledge and excel in your exam!

The General Data Protection Regulation (GDPR) is designed specifically to enhance and unify data protection for all individuals within the European Union. It establishes strict guidelines for the collection, processing, and storage of personal data. Under GDPR, organizations must ensure they have a lawful basis for collecting personal data, provide transparency about how that data will be used, and respect the rights of individuals, including the right to access their data and the right to be forgotten.

GDPR applies to any organization, regardless of where it is based, as long as it processes personal data of individuals within the EU. This makes it a pivotal regulation in safeguarding privacy rights and empowering individuals over their personal information, shaping how businesses handle data in the digital age.

The other options focus on different aspects of data protection or are regulatory frameworks that do not encompass the breadth and scope of personal data handling as GDPR does. For instance, COPPA deals specifically with children’s online privacy in the United States, PCI DSS focuses on securing credit card information, and CMMI is a process improvement framework rather than a data protection regulation.
