OneTrust Certified Privacy Professional Practice Exam 2026 - Free Privacy Professional Practice Questions and Study Guide

The statement is true because the General Data Protection Regulation (GDPR) applies to all personal data, regardless of when it was collected, as long as the data is being processed after the regulation came into effect on May 25, 2018. This means that if organizations are continuing to process, store, or use personal data collected prior to this date, they must comply with GDPR requirements. This includes ensuring that the data is being processed lawfully, transparently, and with respect for individuals' rights.

GDPR's principles of data protection are designed to enhance privacy rights for individuals, emphasizing accountability and compliance, regardless of the historic context in which the data was initially gathered. Organizations need to take measures to ensure that all data remains compliant with GDPR principles, including but not limited to, obtaining necessary consent, upholding the right to access, and ensuring the data is accurate and secure.

The other choices implied limitations that do not reflect the comprehensive nature of GDPR's applicability.