What mistakes do candidates make on this CPA question?

Confusing with GDPR (which covers people, not just cards).

Area II: Security — CPA Practice Question 45

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard

Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard

Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard

Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard

Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard