ISC2 Certified Cloud Security Professional (CCSP) Practice Question
A U.S.-based SaaS provider stores European customers' medical records exclusively in its cloud tenant located in Frankfurt, Germany. One morning it receives a subpoena issued under the U.S. CLOUD Act that demands a copy of a German patient's data for an ongoing criminal investigation in the United States. Which response gives the provider the BEST chance of complying with legal obligations in both jurisdictions?
A. Permanently delete the requested records so the data are neither held in Germany nor available to U.S. law enforcement, eliminating conflict.
B. Refuse to provide the data because GDPR bans any transfer of EU personal data to U.S. authorities without the data subject's explicit consent.
C. Comply immediately with the subpoena because the CLOUD Act overrides foreign privacy laws when the provider is U.S.-based.
D. Notify the German data-protection authority and contest the subpoena while requesting that U.S. investigators use a Mutual Legal Assistance Treaty (MLAT) or equivalent EU-approved mechanism before any disclosure.
The CLOUD Act can compel a U.S. service provider to disclose data it controls, even when that data is stored overseas. However, GDPR Article 48 states that personal data in the EU may be transferred to a third-country authority only when the transfer is based on an international agreement such as a Mutual Legal Assistance Treaty (MLAT) or another instrument under EU law. Simply handing over the data (or deleting it) could violate GDPR, while refusing outright could breach the CLOUD Act. The most defensible path is to inform the appropriate EU supervisory authority and seek to convert the subpoena into (or replace it with) a recognized MLAT or similar mechanism, thereby reconciling the two legal regimes. The other options either ignore one jurisdiction's requirements or unlawfully destroy evidence.
ISC2 Certified Cloud Security Professional (CCSP)
Legal, Risk and Compliance