🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional37 / 129
Question 37 of 129

A retail company collects customer purchase data and decides how and why it will be used for marketing analytics. It contracts a cloud analytics vendor to run the computations strictly according to the retailer's documented instructions. The vendor's operations team also manages the day-to-day storage, backups, and access controls for the hosted datasets. Under a privacy framework such as GDPR, how should the retailer and the vendor's operations team be classified?

Reviewed for accuracy · Report an issueNext question