Your EU-based organization stores Personally Identifiable Information (PII) and non-PII data in Cloud Storage buckets across multiple Google Cloud regions. To comply with EU data privacy laws mandating that PII must not be stored outside the EU, you need to detect if any Cloud Storage buckets outside the EU contain PII data. What should you do?

Exam-Like

Create a Sensitive Data Protection job. Specify the infoType of data to be detected and run the job across all Google Cloud Storage buckets.

Create a log sink with a filter on resourceLocation.currentLocations. Trigger an alert if a log message appears with a non- EUcountry.

Activate Security Command Center Premium. Use compliance monitoring to detect resources that do not follow the applicable healthcare regulation.

Enforce the gcp.resourceLocations organization policy and add "EU" in a custom rule that only applies on resources with the tag "healthcare".

Google Professional Cloud Security Engineer