ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your U.S.-based company is migrating its cloud-hosted HR system, which processes the personal data of employees located in the European Union, to a SaaS provider whose data centers are all in the United States. Under the GDPR you must ensure that the cross-border transfer of this personal data remains lawful once the service goes live. Which contractual mechanism should you insist on adding to the master service agreement with the provider to satisfy this requirement?
Rely on the provider's ISO/IEC 27001 and ISO/IEC 27018 certifications as the lawful basis for transfer.
Include the European Commission's Standard Contractual Clauses between the EU entity and the SaaS provider.
Encrypt all personal data in transit with TLS 1.2 or higher to eliminate the need for additional safeguards.
Obtain a SOC 2 Type II report from the provider covering the Security and Privacy trust services criteria.
Because the personal data of EU residents will be transferred to (and stored in) a third country, the GDPR requires an approved transfer mechanism under Chapter V. The most widely used mechanism, especially when the provider is located in the United States, is the European Commission's Standard Contractual Clauses (SCCs). Incorporating the SCCs creates legally binding obligations on the data importer and gives data subjects enforceable rights, thereby legitimizing the transfer.
A SOC 2 Type II report demonstrates the effectiveness of certain controls but does not by itself make a cross-border transfer lawful. ISO/IEC 27001 or ISO/IEC 27018 certifications signal good security and privacy practices; however, they are voluntary standards and likewise do not constitute a recognized GDPR transfer mechanism. Strong TLS encryption is recommended, but technical measures alone do not remove the need for a legal basis under Chapter V.
Legal, Risk and Compliance