An organization is expanding into a region with legal mandates requiring that personal information be stored and processed locally. Leadership prefers a unified global system. Which step best fulfills this regulatory requirement?
Apply a single encryption plan for a worldwide facility
Enable encryption of records processed overseas
Ask customers to consent to cross-border data movement
Build regional infrastructure and restrict external relocation
Data localization laws in jurisdictions such as the European Union (GDPR Art. 44–50), India (DPDP 2023), and China's PIPL prohibit the transfer of certain personal data outside the region without specific authorization or safeguards. Building data centers or storage facilities within the mandated geography and ensuring access controls and backup redundancy remain within regional boundaries satisfies compliance. Encryption alone does not fulfill storage residency requirements, nor do voluntary user consents override legal obligations. A single global infrastructure or encryption schema cannot address jurisdictional boundaries effectively.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are data localization laws?
Open an interactive chat with Bash
Why doesn’t encryption alone satisfy data residency requirements?
Open an interactive chat with Bash
How can regional infrastructure help meet compliance requirements?