Certified Information Privacy Manager (CIPM) — Question 152

Under the General Data Protection Regulation (GDPR), international data transfer is allowed using the mechanisms in all of the following scenarios EXCEPT between companies who?

Answer options

• A. Are part of the same group of enterprise using approved Binding Corporate Rules (BCRs).
• B. Have signed up to the EU Standard Contractual Clauses.
• C. Have put in place a binding confidentiality agreement.
• D. Have put in place an approved code of conduct.

Correct answer: C

Explanation

The correct answer is C because a binding confidentiality agreement alone does not meet the GDPR requirements for international data transfers. In contrast, options A, B, and D involve mechanisms that are recognized under GDPR for ensuring adequate protection for data being transferred outside the EU.