ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your U.K.-based SaaS company stores European customer PII in a German availability zone operated by a U.S.-headquartered cloud service provider (CSP). The CSP has just forwarded a U.S. CLOUD Act subpoena compelling production of that data, an action that would breach the EU GDPR's restrictions on transfers to the United States. Which contractual element, if it had been negotiated in advance, would BEST position you to evaluate and lawfully challenge or refuse the conflicting disclosure demand?
A clause designating governing law, venue, and an order-of-precedence for conflicting legal requirements
A detailed incident-response policy aligned with NIST SP 800-61 to handle law-enforcement inquiries
A data-protection addendum that incorporates EU Standard Contractual Clauses and a specific government-access (CLOUD Act) safeguard
Pre-approved Binding Corporate Rules covering all entities in the data-processing chain
The most effective way to deal with a potential conflict between a U.S. CLOUD Act order and the EU GDPR's cross-border transfer rules is to embed an EU-approved transfer mechanism, such as the (UK-)Standard Contractual Clauses, together with explicit government-access or "CLOUD Act" clauses in the data-protection addendum (DPA). These provisions require the provider to notify the customer, allow it to object or seek redress, and, where possible, to resist or narrowly scope any foreign disclosure request, thereby aligning the parties' obligations with GDPR requirements. A general governing-law or venue clause only decides which legal system interprets the contract; it does not itself provide the safeguards needed to resolve the data-transfer conflict. Incident-response policies and PCI-DSS attestations address security, not legal precedence, and Binding Corporate Rules facilitate intra-group transfers but do not cover external government demands.
Legal, Risk and Compliance