Question 7
Domain 1: Cloud Architecture, Governance, and Risk ManagementAn organization's cloud data is stored in multiple countries with conflicting data protection laws. Which governance approach BEST addresses these jurisdictional challenges?
Correct answer: B
Explanation
Data localization addresses cross-border conflicts by keeping data within the country or region required by law, reducing exposure to incompatible foreign rules. Clear classification of data residency requirements lets the organization map each dataset to the applicable jurisdiction and apply the right controls, which is the core governance need when "conflicting data protection laws" apply.
Why each option is right or wrong
A. Storing all data in the country with the least restrictive laws
B. Data localization with clear classification of data residency requirements
Under GDPR Articles 44–49, cross-border transfers are only permitted when the destination country or transfer mechanism meets the applicable legal conditions, and many national privacy laws impose additional in-country storage or processing mandates. A governance model that classifies each dataset by residency requirement and keeps regulated data in the required jurisdiction directly resolves the conflict between overlapping legal regimes, whereas a generic global cloud policy would leave the organization exposed to unlawful transfers and enforcement risk.
C. Ignoring jurisdictional requirements
D. Allowing data to flow freely without controls