Certified Information Privacy Technologist (CIPT) — Question 36

Which of the following entities would most likely be exempt from complying with the General Data Protection Regulation (GDPR)?

Answer options

• A. A South American company that regularly collects European customers' personal data.
• B. A company that stores all customer data in Australia and is headquartered in a European Union (EU) member state.
• C. A Chinese company that has opened a satellite office in a European Union (EU) member state to service European customers.
• D. A North American company servicing customers in South Africa that uses a cloud storage system made by a European company.

Correct answer: D

Explanation

The correct answer is D because a North American company servicing customers in South Africa does not fall under GDPR jurisdiction, as it is not collecting or processing data of EU residents. The other options are incorrect because they involve entities that either process or handle EU personal data, which makes them subject to GDPR requirements.