CDPSE · Question #297
Of the following, who is the BEST resource for determining which privacy laws must be followed for data that crosses international borders?
The correct answer is A. The legal counsel for the organization that plans to collect the data. Legal counsel is the best resource for determining which privacy laws apply to cross-border data flows because they are qualified to interpret and apply multi-jurisdictional legal requirements.
Question
Of the following, who is the BEST resource for determining which privacy laws must be followed for data that crosses international borders?
Options
- AThe legal counsel for the organization that plans to collect the data
- BThe government in the country where the data is initially collected
- CThe chief information security officer (CISO) in the country that processes the data
- DThe chief risk officer (CRO) for the organization that plans to collect the data
How the community answered
(40 responses)- A75% (30)
- B5% (2)
- C15% (6)
- D5% (2)
Why each option
Legal counsel is the best resource for determining which privacy laws apply to cross-border data flows because they are qualified to interpret and apply multi-jurisdictional legal requirements.
Legal counsel has the professional expertise to interpret applicable laws such as GDPR, CCPA, PIPEDA, and bilateral data transfer agreements across the specific jurisdictions involved. They can provide authoritative, organization-specific guidance on compliance obligations, data transfer mechanisms (such as standard contractual clauses or binding corporate rules), and liability. No other role listed combines legal expertise with an obligation to advise the collecting organization directly.
The government in the collection country can only authoritatively speak to its own jurisdiction's laws, not to the laws of destination or processing countries.
The CISO is responsible for information security strategy and operations, not for interpreting or advising on legal compliance across international privacy regimes.
The CRO evaluates and manages organizational risk but is not qualified to authoritatively interpret specific legal requirements across multiple national jurisdictions.
Concept tested: Cross-border privacy law compliance accountability
Source: https://www.iapp.org/resources/article/cross-border-data-transfers/
Topics
Community Discussion
No community discussion yet for this question.