🔥 3-day streak
ISC2 CCSP — Certified Cloud Security Professional51 / 124
Question 51 of 124

A European retailer engages a cloud-based marketing analytics SaaS to run campaigns. The retailer decides which customer datasets to upload, the campaign objectives, and the retention periods. The SaaS provider stores and processes the data strictly according to the retailer's documented instructions and does not use the data for its own purposes. Under GDPR, how should the parties' roles be classified, and what is the primary compliance consequence?

Reviewed for accuracy · Report an issueNext question