Certified Information Privacy Manager (CIPM) — Question 17

When vetting third-party processors of data protected by the General Data Protection Regulation (GDPR), why is it important to know the physical location of stored personal data from clients?

Answer options

• A. To determine their incidence response time.
• B. To determine the country laws that would govern the contract.
• C. To determine the likelihood of a security breach in the location.
• D. To ensure the country has adequate protection or if safeguards are required.

Correct answer: D

Explanation

The correct answer is D because knowing the physical location helps determine if the country offers adequate data protection as per GDPR requirements. Options A, B, and C are relevant considerations but do not address the primary concern of ensuring compliance with data protection standards specific to the country where the data is stored.