GCP Professional Cloud Architect Practice Question
An e-commerce provider in Germany is migrating its analytics stack to Google Cloud. It stores PII in Cloud SQL, aggregates events in BigQuery, and archives order documents in Cloud Storage. Under GDPR it must 1) sign data-processing terms with its cloud provider, 2) guarantee EU data residency, 3) let any user retrieve a portable dump of all personal data within 24 hours, and 4) erase that user's data across all systems on request with minimal manual effort. Which design best meets these requirements?
Accept Google Cloud's Data Processing and Security Terms; deploy all data stores in europe-west* locations; schedule Cloud DLP discovery jobs that tag PII in Data Catalog; trigger a Dataflow template via Pub/Sub to collect all tagged data for a user, export it to an EU Cloud Storage bucket, then delete or anonymize the same records; use Cloud Audit Logs for evidence.
Enable VPC Service Controls around Cloud DLP and keep resources in us-central1 for lower latency; process portability and deletion requests manually with ad-hoc SQL commands and gsutil rm operations; rely on Stackdriver Logging for audit evidence without signing any additional terms with Google.
Store data in the global multi-region; rely on default Google-managed encryption; email support staff SQL scripts to dump and delete user records from Cloud SQL and BigQuery; share Cloud Storage buckets directly with users for downloads.
Encrypt every dataset with customer-managed keys in europe-west1 and rotate them every 30 days; satisfy erasure requests by destroying the key material, making all encrypted data unreadable; generate Cloud SQL exports and email them to users on demand.
Accepting Google Cloud's Data Processing and Security Terms satisfies the contractual obligation that the processor (Google) act under GDPR instructions. Choosing EU-resident regions for Cloud SQL instances, BigQuery datasets, and Cloud Storage buckets keeps data inside the EU, addressing data-residency requirements. Running recurring Cloud DLP discovery jobs automatically classifies and tags PII; publishing those results to Data Catalog policy tags lets downstream jobs locate all user-related fields and objects without manual curation. A Dataflow template that is triggered through Pub/Sub can join the tagged sources by user identifier, write a consolidated export file to an EU bucket for portability, and then invoke deletion/anonymization transforms (Cloud SQL DELETE statements and BigQuery DELETE DML or overwrite jobs, plus Cloud Storage object deletions). Because the whole workflow runs in managed services, it scales automatically and executes within the 24-hour SLA, while Cloud Audit Logs provide an immutable record for compliance.

The other options miss key GDPR needs: granting users direct read access breaks least-privilege and does not automate deletion; destroying KMS keys is not an accepted GDPR erasure mechanism and risks collateral data loss; deploying to non-EU regions or relying on manual scripts violates residency and timeliness requirements.
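The export-then-erase flow described above, sketched as an added example (not part of the original page and not a Google-provided template). It assumes `sqlite3` as a local stand-in for Cloud SQL and BigQuery; the `PII_CATALOG` dictionary, table names and sample rows are constructed stand-ins for Data Catalog tags and real data.

```python
import json
import sqlite3

# Constructed stand-in for Data Catalog PII tags: table -> user key, erasure action, PII columns.
# Identifiers come only from this trusted catalog; the user id is always a bound parameter.
PII_CATALOG = {
    "customers": {"key": "user_id", "action": "delete", "pii": ["email", "name"]},
    "order_events": {"key": "user_id", "action": "anonymize", "pii": ["ip_address"]},
}

def build_sample_db():
    """Constructed sample data; sqlite3 stands in for the managed data stores."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers(user_id TEXT, email TEXT, name TEXT);
        CREATE TABLE order_events(user_id TEXT, ip_address TEXT, amount REAL);
        INSERT INTO customers VALUES ('u1','a@example.com','Anna'),('u2','b@example.com','Ben');
        INSERT INTO order_events VALUES ('u1','192.0.2.10',19.5),('u2','192.0.2.20',7.0);
    """)
    return db

def handle_request(db, user_id):
    """Export every tagged record for user_id, then erase it. Returns (export_json, audit)."""
    export, audit = {}, []
    # Phase 1: portability export, driven only by the catalog tags (no hard-coded table list).
    for table, tag in PII_CATALOG.items():
        cur = db.execute(f"SELECT * FROM {table} WHERE {tag['key']} = ?", (user_id,))
        cols = [c[0] for c in cur.description]
        export[table] = [dict(zip(cols, row)) for row in cur.fetchall()]
    # Phase 2: erasure starts only after the complete export has been built.
    for table, tag in PII_CATALOG.items():
        if tag["action"] == "delete":
            sql = f"DELETE FROM {table} WHERE {tag['key']} = ?"
        else:  # anonymize: null the PII columns and the user key, keep the aggregate values
            sets = ", ".join(f"{c} = NULL" for c in tag["pii"] + [tag["key"]])
            sql = f"UPDATE {table} SET {sets} WHERE {tag['key']} = ?"
        rows = db.execute(sql, (user_id,)).rowcount
        audit.append({"table": table, "action": tag["action"], "rows": rows})
    db.commit()
    return json.dumps(export, sort_keys=True), audit

def residual_pii(db, user_id):
    """Verification step: count rows still linked to user_id in any tagged table."""
    return sum(
        db.execute(f"SELECT COUNT(*) FROM {t} WHERE {g['key']} = ?", (user_id,)).fetchone()[0]
        for t, g in PII_CATALOG.items()
    )
```

The returned audit list is the per-request evidence record; a non-zero `residual_pii` result after a request means a tagged source was missed and the erasure is incomplete.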
GCP Professional Cloud Architect
Designing for security and compliance