A multinational corporation must comply with GDPR and requires that data stored in BigQuery is physically located in the European Union. They have set up BigQuery datasets in the EU region. However, a compliance audit reveals that some queries may process data in the US region due to BigQuery's multi-region behavior. What should the organization do to ensure data remains in the EU?
Single-region datasets keep data and processing within that region.
Why this answer
Option A is correct because creating a BigQuery dataset in a specific European region (e.g., europe-west1) ensures that all data storage and query processing are physically confined to that single region. In contrast, the EU multi-region (EU) is a geographic entity that includes multiple Google Cloud regions within the European Union, and BigQuery may process data in any of those regions, including potentially outside the EU if the multi-region expands. By using a specific regional dataset, the organization guarantees that data never leaves the designated European location, meeting GDPR's data residency requirements.
Exam trap
Google Cloud often tests the misconception that VPC Service Controls or encryption keys can enforce data residency, but the trap here is that only choosing a specific regional dataset (not a multi-region) physically restricts data processing to a single location.
How to eliminate wrong answers
Option B is wrong because VPC Service Controls restrict network access to resources but do not control the physical location where data is processed; they cannot prevent BigQuery from processing data in a different region within a multi-region. Option C is wrong because Customer-Managed Encryption Keys (CMEK) control encryption at rest but have no impact on where data is processed or stored; the key location does not enforce data residency. Option D is wrong because BigQuery reservations manage slot capacity and query priority, not the geographic location of data processing; they cannot force processing to occur in a specific region.