Certified Data Privacy Solutions Engineer (CDPSE) — Question 54
A retail company handles payroll accounting for its employees through a Software as a Service (SaaS) provider that uses a data center operator as a subcontractor. Who is responsible for the protection of the employees’ personal data?
Answer options
- A. The SaaS provider
- B. The external auditing firm
- C. The retail company
- D. The data center operator
Correct answer: A
Explanation
The SaaS provider is responsible for the protection of the employees' personal data, as they are the ones delivering the service and managing the data. The retail company, while needing to ensure their data is protected, relies on the SaaS provider for this function. The external auditing firm has no responsibility for data protection, and the data center operator is a subcontractor to the SaaS provider, not directly accountable.