What is a well-defined concept for GDPR compliance?
A. Data controllers must confirm to data subjects as to whether, where, and why personal data is being processed.
B. Personal data that was collected before the compliance standards were set do not need to be protected.
C. Compliance standards apply to organizations that have a physical presence in Europe.
D. Records that are relevant to an existing contract agreement can be retained as long as the contract is in effect.
