Digital Skills Hard
You are a digital analyst at the European Union Delegation to a third country. The Delegation must implement a new confidential document management system that stores personal data of officials and citizens in a public cloud. As part of the risk assessment and compliance evaluation, you must identify the most accurate statement regarding the EU legal framework and information security in this context, based on the fundamental principles of data protection and the functions of EU services.
A The NIS2 Directive requires that all EU data, regardless of its sensitivity, must be encrypted and stored exclusively on servers physically located within the Member States of the EU.
B The General Data Protection Regulation (GDPR) allows the processing of personal data without consent if cloud storage is considered a 'legitimate need' for the Delegation's mission, regardless of the server's location.
C The European External Action Service (EEAS) operates under the political guidance of the High Representative and must coordinate its international action with EU institutions, implying that when implementing cloud systems, it must adhere to the GDPR principles on data security (such as encryption and minimization) and EU cybersecurity standards, ensuring that data processing is secure and lawful, without this implying an absolute prohibition on public cloud if international transfer safeguards are met.
D The General Data Protection Regulation (GDPR) establishes that the processing of personal data must be lawful, fair, and transparent, and requires the application of appropriate technical and organizational measures to ensure an adequate level of security, including encryption and pseudonymisation, without the GDPR itself imposing the restriction that servers must be physically located in the EU if international transfer conditions are guaranteed.
E The European External Action Service (EEAS) has the exclusive competence to legislate on cloud information security, so it can establish its own encryption rules without needing to strictly adhere to the GDPR or the NIS2 Directive.