Text for the questions from 19 to 21.

1 Cybersecurity: Cybersecurity, or information

security, refers to the measures taken to protect a

computer or computer system against unauthorized

4 access from a hacker. A robust cybersecurity policy

protects secure, critical or sensitive data and prevents

it from falling into the hands of malicious third parties.

7 The most common forms of cyber-attacks are phishing,

spear phishing and injecting malware code into a

computer system.

10 Data Privacy: Varonis defines data privacy as a

type of “information security that deals with the proper

handling of data concerning consent, notice, sensitivity,

13 and regulatory concerns.” On its most basic level, data

privacy is a consumer’s understanding of their rights

as to how their personal information is collected, used,

16 stored and shared. The use of personal information must

be explained to consumers in a simple and transparent

manner and in most cases, consumers must give their

19 consent before their personal information is provided.

World Wide Data Privacy and Cyber Laws: The

protection of data privacy has come to the forefront

22 with the launch of the General Data Protection

Regulation (GDPR) by the European Union (EU) in 2018.

The GDPR updated an older data law to reflect today’s

25 ever-changing technology. The GDPR places more

requirements on organizations that process and collect

personal data, emphasizing accountability and evidencing

28 compliance while strengthening the individual’s rights.

The GDPR applies to all data directly or indirectly related

to an identifiable person in the EU that is processed by an

31 individual, company or organization. Any small business

that processes people’s personal data within the EU is

subject to the GDPR, no matter where in the world the

34 business is based. It is important to note that the GDPR

pertains to people within the EU, but not necessarily to

EU citizens. This means that any company using the data

37 of EU subjects, even if this company is stationed outside

the EU, will need to comply with new ways of protecting

data related to identifying information, IP address,

40 cookies, health, genetic or biometric data, racial or ethnic

data and sexual orientation.