Valid PDP9 Dumps shared by ExamDiscuss.com for Helping Passing PDP9 Exam! ExamDiscuss.com now offer the newest PDP9 exam dumps, the ExamDiscuss.com PDP9 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com PDP9 dumps with Test Engine here:
A company based in France uses a specialist IT support business in China The two companies have signed a Data Processing Agreement.The Chinese business provides specialist IT support for the French company's digital customer experience platform No personal data is sent to China, but employees of the Chinese business access the platform on a regular basis and have access to the databases that sit behind it.Which of the following statements is CORRECT in relation to the French company's requirements to ensure compliance with the GDPR?
Correct Answer: B
Explanation According to the GDPR, a transfer of personal data to a third country or an international organisation occurs when the personal data is made available to someone outside the EU and EEA, regardless of whether the data is physically sent or not. Therefore, the fact that the Chinese business accesses the platform and the databases that contain personal data of the French company's customers constitutes a transfer of personal data to China, which is a third country under the GDPR. The French company, as the controller of the personal data, must ensure that the transfer complies with the GDPR requirements and that the level of protection of the personal data is not undermined. This means that the French company must identify and implement an appropriate transfer mechanism, such as an adequacy decision, appropriate safeguards, or derogations for specific situations, as set out in Chapter V of the GDPR. A data processing agreement, although necessary to define the roles and responsibilities of the controller and the processor, is not sufficient to ensure the legality of the transfer, as it does not provide the same guarantees as the GDPR. China is not a country that has been recognised by the European Commission as providing an adequate level ofprotection for personal data, so the French company cannot rely on an adequacy decision either. References: * Article 44 of the GDPR1 * ICO guidance on international transfers2
