nerdexam
Isaca

CDPSE · Question #297

Of the following, who is the BEST resource for determining which privacy laws must be followed for data that crosses international borders?

The correct answer is A. The legal counsel for the organization that plans to collect the data. Legal counsel is the best resource for determining which privacy laws apply to cross-border data flows because they are qualified to interpret and apply multi-jurisdictional legal requirements.

Privacy Governance

Question

Of the following, who is the BEST resource for determining which privacy laws must be followed for data that crosses international borders?

Options

  • AThe legal counsel for the organization that plans to collect the data
  • BThe government in the country where the data is initially collected
  • CThe chief information security officer (CISO) in the country that processes the data
  • DThe chief risk officer (CRO) for the organization that plans to collect the data

How the community answered

(40 responses)
  • A
    75% (30)
  • B
    5% (2)
  • C
    15% (6)
  • D
    5% (2)

Why each option

Legal counsel is the best resource for determining which privacy laws apply to cross-border data flows because they are qualified to interpret and apply multi-jurisdictional legal requirements.

AThe legal counsel for the organization that plans to collect the dataCorrect

Legal counsel has the professional expertise to interpret applicable laws such as GDPR, CCPA, PIPEDA, and bilateral data transfer agreements across the specific jurisdictions involved. They can provide authoritative, organization-specific guidance on compliance obligations, data transfer mechanisms (such as standard contractual clauses or binding corporate rules), and liability. No other role listed combines legal expertise with an obligation to advise the collecting organization directly.

BThe government in the country where the data is initially collected

The government in the collection country can only authoritatively speak to its own jurisdiction's laws, not to the laws of destination or processing countries.

CThe chief information security officer (CISO) in the country that processes the data

The CISO is responsible for information security strategy and operations, not for interpreting or advising on legal compliance across international privacy regimes.

DThe chief risk officer (CRO) for the organization that plans to collect the data

The CRO evaluates and manages organizational risk but is not qualified to authoritatively interpret specific legal requirements across multiple national jurisdictions.

Concept tested: Cross-border privacy law compliance accountability

Source: https://www.iapp.org/resources/article/cross-border-data-transfers/

Topics

#Legal compliance#International data transfers#Organizational roles#Privacy laws

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice