CIPP-E Question #206: Real Exam Question with Answer & Explanation

Question

Options

• APayments cannot be made in a European Union currency.
• BThe controller does not have an establishment in the European Union.
• CThe website is not available in several official languages of European Un on Member States
• DThe website cannot block connections from outside the U.S. that use a Virtual Private Network

Explanation

The GDPR applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not. This means that the GDPR applies to any controller or processor that has a branch, office, subsidiary, or other stable arrangement in the EU, even if the data processing occurs outside the EU. However, the GDPR also applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union. This means that the GDPR applies to any controller or processor that targets or tracks EU data subjects, even if they do not have a presence in the EU. In this case, the website operator is not required to comply with the GDPR because it does not have an establishment in the EU (option B), and it does not offer goods or services or monitor the behaviour of EU data subjects. The website operator reports primarily on North American events, does not block connections from outside the U.S., and only accepts payments in U.S. dollars, which indicate that it does not intend to target or track EU data subjects.

No community discussion yet for this question.