Question 1

The General Data Protection Regulation (GDPR) is related to the protection of personal data. What is the definition of personal data?

Accepted Answer

Any information regarding an identified or identifiable natural person

Answer

Preservation of confidentiality, integrity and availability of information

Answer

Any information that European citizens want to protect

Answer

Data that directly or indirectly reveals racial or ethnic origins, someone's religious views, and their data related to sexual health and habits

Question 2

Who is responsible for demonstrating the compliance of personal data processing with the General Data Protection Regulation (GDPR)?

Accepted Answer

The controller

Answer

The processor

Answer

The supervisory authority

Answer

The Data Protection Officer (DPO)

Question 3

In the European Union we have: Directives and Regulations. What is the difference between them?

Accepted Answer

The directive provides guidance for EU member states and they can create their own laws to suit the directive. A regulation has the force of law and all EU Member States must follow it without changing it.

Answer

The regulation provides guidance for EU Member States and they can create their own laws to conform to the regulation. A directive has the force of law and all EU Member States must follow it without changing it.

Question 4

What is the relationship between data protection and privacy?

Accepted Answer

Data protection refers to the measures needed to protect a person's privacy.

Answer

Data protection and privacy are synonyms and have the same meaning.

Answer

Data protection is the part of privacy that protects a person's physical integrity.

Question 5

What is a description of data protection by design and by default?

Accepted Answer

An approach that implements data protection from the start

Answer

Not holding more data than is strictly required for processing

Answer

An indication of timeframes if processing relates to erasure

Answer

Data may only be collected for explicit and legitimate purposes

Question 6

The GDPR refers to the principles of proportionality and subsidiarity. What is the meaning of subsidiarity in this context?

Accepted Answer

Personal data may only be processed when there are no other means to achieve the purposes.

Answer

Personal data cannot be reused without explicit and informed consent.

Answer

Personal data can only be processed in accordance with the purpose specification.

Answer

Personal data must be adequate, relevant and not excessive in relation to the purposes.

Question 7

While performing a backup, a data server disk crashed. Both the data and the backup are lost. The disk contained personal data, but no special category personal data. The processor states that this is a personal data breach. Is the statement of the processor true?

Accepted Answer

Yes, because the personal data on the disk were unlawfully processed.

Answer

No, because no personal data on the disk were processed, only destroyed

Answer

Yes, because there were no special category personal data stored on the disk.

Answer

No, because this is only a security incident and not a data breach

Question 8

Which of the options below best represents data protection by design?

Accepted Answer

It aims to incorporate security measures to protect data from the moment it is collected, throughout the processing and until its destruction at the end of the process

Answer

It aims to ensure that personal data is automatically part of a protection process.

Answer

It aims to create privacy impact analysis procedures (DPIA), notifications of breaches of privacy and fulfil requests from data subjects.

Question 9

Who is responsible for demonstrating the compliance of personal data processing with the General Data Protection Regulation (GDPR)?

Accepted Answer

The controller

Answer

The processor

Answer

The Data Protection Officer (DPO)

Answer

The supervisory authority

Question 10

What is the purpose of Data Lifecycle Management (DLM)?

Accepted Answer

Ensure that the processing of personal data, throughout its useful life complies with the GDPR

Answer

Ensure data confidentiality and availability throughout its useful life

Answer

Ensure data integrity and its periodic update

Answer

Ensure data confidentiality throughout its useful life, from collection to deletion

Question 11

A breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. What is the exact term that is associated with this definition in the GDPR?

Accepted Answer

Personal data breach

Answer

Confidentiality violation

Answer

Security incident

Answer

Security breach

Question 12

We know that when browsing the internet there is a lot of personal data that is collected. One mechanism for collecting this data is cookies. How do marketers use this collected personal data?

Accepted Answer

They create behavioral profiles, applying tags to web page visitors. These profiles can be marketed and used in targeted marketing campaigns.

Answer

Collecting the logs from the web servers, they analyze which products are most visited and sold, promoting marketing campaigns for these products.

Answer

Collecting logs from web servers and running campaigns promoting products on social media.

Question 13

According to the GDPR, what is a description of binding corporate rules (BCR)?

Accepted Answer

A decision on the safety of transferring personal data to a non-EEA country

Answer

A set of agreements covering personal data transfers between non-EEA countries

Answer

A set of approved rules on personal data protection used by a group of enterprises

Answer

A measure to compensate for the lack of personal data protection in a third country

Question 14

A controller asks a processor to produce a report containing customers who have purchased a particular product more than once in the past 6 months. The processor provides services to several companies (which in this case are the controllers). When generating the requested report, it uses customer data collected by another controller, that is, for a different purpose. Fortunately, the error is noticed in time, the report is not sent, and nobody has had access to this data. In this case, how does the processor need to proceed and what action should the controller take?

Accepted Answer

The processor needs to notify the controller. And the controller can assess whether there were risks to the data subjects.

Answer

As the error was noticed in time and the report was not sent, there is no need for the processor to inform the controller. The processor must delete the wrong report and generate a new one, this time with the correct data.

Answer

The processor notifies the Supervisory Authority that a violation has occurred. The controller will be notified and must perform a Data Protection Impact Assessment (DPIA).

Answer

The processor needs to notify the controller so that the controller notifies the Supervisory Authority of the personal data breach.

Question 15

The controller responsible for the UK Child Sexual Abuse Investigation body reported a data breach to the supervisory authority in the UK on 28 February 2019. People who had registered their interest in participating in forums and debates for victims of child sexual abuse received an email that contained the email addresses of everyone else who had also registered. Which category does this data breach fit into?

Accepted Answer

This data breach should only be reported to the Data Protection Authority.

Answer

This data breach must be reported to the Data Protection Authority and the data subjects.

Answer

This data breach should only be reported to data subjects.

Answer

It is not necessary to notify the Supervisory Authority, as this data breach presents minimal risks to the holders.

Related quizzes

Related quizzes