ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A German SaaS provider plans to migrate its customer relationship database, which contains EU residents' personal data, to Amazon S3 and Amazon RDS. To satisfy GDPR requirements for data locality and the right to erasure while keeping operational overhead low, which approach BEST meets the company's obligations?
Use S3 buckets only in eu-central-1 with server-side encryption (SSE-S3) and place all objects under S3 Object Lock in Compliance mode to address the right to be forgotten.
Store the data in any convenient AWS Region and enable cross-Region replication to an EU Region, assuming AWS will act as the data controller under GDPR.
Host the workloads in AWS GovCloud (US), encrypt data with customer-managed keys located in the United States, and rely on the EU-US Privacy Shield framework for lawful transfer.
Keep all S3 buckets and RDS instances in eu-central-1 or eu-west-1, encrypt the data with customer-managed AWS KMS keys that never leave those Regions, and rely on the GDPR Data Processing Addendum already incorporated into the AWS Service Terms.
The company remains the data controller under GDPR and must keep the personal data inside the European Economic Area unless additional transfer safeguards are in place. Using only EU Regions such as eu-central-1 or eu-west-1 meets data-residency expectations. Encrypting the data with customer-managed AWS KMS keys that are also restricted to those Regions safeguards confidentiality and allows the controller to delete the keys later, which renders the data permanently unreadable and can fulfil the GDPR right to erasure. AWS acts as the data processor, and its GDPR Data Processing Addendum is automatically part of the AWS Service Terms, so no separate signature is required (although the customer can request a signed copy). The other options either move data outside the EU, rely on an invalid transfer mechanism, prevent deletion with Object Lock Compliance mode, or incorrectly shift the controller role to AWS, so they fail to meet GDPR obligations.
ISC2 Systems Security Certified Practitioner (SSCP)
Risk Identification, Monitoring and Analysis