🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional59 / 129
Question 59 of 129
A European subsidiary of a US-based company plans to transfer employee personal data to its parent company's HR system hosted in a US data center. The company's legal team confirms the US recipient is not certified under any adequacy framework recognized by the EU. Which mechanism should the security and privacy team recommend to make this cross-border transfer lawful under GDPR while requiring the least dependence on future regulatory approval?
Reviewed for accuracy · Report an issueNext question