If a non EU business processes EU data incidentally and without targeting EU customers, the GDPR does not apply. Therefore B is not a given.
If a business specifically targets EU customers, the GDPR *always* applies. Therefore D is the correct answer.
The option that would MOST likely trigger the extraterritorial effect of the GDPR, as specified by Article 3, is: D. Personal data of EU residents being processed by a non-EU business that targets EU customers.
Option B, while involving the personal data of EU citizens being processed by a controller or processor based outside the EU, is not as explicitly tied to the targeting of EU residents or the monitoring of their behavior as specified in Article 3.
Option D is the most likely to trigger the extraterritorial effect of the GDPR, as specified by Article 3, because it involves a non-EU entity engaging in activities (processing personal data of EU residents) that directly target individuals within the EU.
This section is not available anymore. Please use the main Exam Page.CIPP-E Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ZeroStatic
Highly Voted 2 years, 3 months agoSsourav
Most Recent 12 months agoaliblabla
1 year, 3 months agoIsrAlb
1 year, 4 months agoOSXmaniac
1 year, 5 months agoloejee
1 year, 8 months ago