Certified Information Privacy Professional – Europe (CIPP/E) — Question 11

Which of the following entities would most likely be exempt from complying with the GDPR?

Answer options

• A. A South American company that regularly collects European customers’ personal data.
• B. A company that stores all customer data in Australia and is headquartered in a European Union (EU) member state.
• C. A Chinese company that has opened a satellite office in a European Union (EU) member state to service European customers.
• D. A North American company servicing customers in South Africa that uses a cloud storage system made by a European company.

Correct answer: D

Explanation

The correct answer is D because a North American company servicing customers in South Africa is not subject to GDPR as it does not collect or process data of EU citizens. Options A, B, and C involve companies that engage with European customers or are based in the EU, making them subject to GDPR regulations.