ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your U.S.-based organization is finalizing a SaaS agreement that will move large volumes of EU residents' personal data to an American data center. Because the Court of Justice of the European Union struck down the EU-U.S. Privacy Shield, executives want a contractual solution that allows the transfers to continue without first seeking approval from any EU data protection authority. Which contractual mechanism best satisfies this requirement?
Invoke GDPR Article 49 derogations based on explicit consent for each EU data subject.
Reference compliance with the U.S. CLOUD Act as the legal basis for the transfer.
Embed the European Commission's Standard Contractual Clauses (SCCs) into the master service agreement.
Implement Binding Corporate Rules (BCRs) for processors to cover the SaaS operations.
Standard Contractual Clauses (SCCs) adopted by the European Commission may be embedded in a service agreement to provide a lawful basis for routine cross-border transfers of personal data from the EU to a third country. When the clauses are used in their unmodified form, they do not need prior authorization from supervisory authorities, making them attractive for cloud outsourcing arrangements.
Derogations under GDPR Article 49 are intended for occasional, non-repetitive transfers and often require obtaining explicit consent from every data subject, which is impractical for continual SaaS operations. The U.S. CLOUD Act governs law-enforcement access to data and does not create a data-transfer mechanism recognized by the GDPR. Binding Corporate Rules apply mainly to intra-group transfers; they must be reviewed and formally approved by EU supervisory authorities before they become effective, so they do not meet the "no prior approval" requirement.
ISC2 Certified Cloud Security Professional (CCSP)
Legal, Risk and Compliance