nerdexam
Isaca

CDPSE · Question #1

Which of the following is the GREATEST concern for an organization subject to cross-border data transfer regulations when using a cloud service provider to store and process data?

The correct answer is D. The data is stored in a region with different data protection requirements.. Cross-border data transfer regulations (such as GDPR Chapter V) exist precisely because different jurisdictions have different levels of data protection. When data is stored in a region with weaker or incompatible data protection requirements, the organization may be in direct vi

Privacy Governance

Question

Which of the following is the GREATEST concern for an organization subject to cross-border data transfer regulations when using a cloud service provider to store and process data?

Options

  • AThe service provider has denied the organization's request for right to audit.
  • BPersonal data stored on the cloud has not been anonymized.
  • CThe extent of the service provider's access to data has not been established.
  • DThe data is stored in a region with different data protection requirements.

How the community answered

(48 responses)
  • A
    10% (5)
  • B
    4% (2)
  • C
    4% (2)
  • D
    81% (39)

Explanation

Cross-border data transfer regulations (such as GDPR Chapter V) exist precisely because different jurisdictions have different levels of data protection. When data is stored in a region with weaker or incompatible data protection requirements, the organization may be in direct violation of its home jurisdiction's laws - which can result in regulatory fines, enforcement action, and loss of data subject rights. The other options (denied audit rights, lack of anonymization, unclear provider access) are legitimate concerns but are operationally addressable through contract or policy. Jurisdictional mismatch is a structural legal risk that cannot be easily remediated after the fact and represents the greatest compliance exposure.

Topics

#Cross-border data transfer#Cloud computing privacy#Jurisdictional data protection#Third-party risk management

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice