Examice

Exam CIPP-E All QuestionsBrowse all questions from this exam

Question 110

According to guidance from the European Data Protection Board, in which of the following cases would a controller established outside of the EU not be subject to the GDPR?

If the controller monitors the behavior of persons on the territory of the Republic of Switzerland.

If the controller has a fully-owned branch office in the EU overseeing all its European operations, including marketing and advertising.

If the controller has its some of its offices and servers based in the EU without having a legal branch or subsidiary in any EU Member State.

If the controller uses the services of an EU-based processor without offering goods or services to persons on EU territory or monitoring their behavior.

Correct Answer: D

A controller established outside of the EU is not subject to the GDPR if it uses the services of an EU-based processor without offering goods or services to persons on EU territory or monitoring their behavior. The key criteria for the applicability of the GDPR to a controller outside the EU are whether it is offering goods or services to individuals in the EU or monitoring their behavior within the EU. Simply using an EU-based processor does not trigger the GDPR's applicability if these criteria are not met.

Discussion

58ad832Option: A

Switzerland is not part of the EU so behavior monitoring of people in Switzerland may only violate local Swiss law but not GDPR