GDPR

The GDPR is a future proof directive that must be abided by each EU member state and by any organisation that trades within the EU or with EU data. (Select true or false.)

In the UK, which one of the following regulations is replaced by the GDPR?

The data controller says how and why personal data is processed and the data processor acts on the controller’s behalf. (Select true or false.)

Which of the following are reasons for implementing the GDPR? (You may select more than one answer.)

Under the GDPR, an organisation must have an individual’s ‘explicit consent before they can use their personal data. (Select true or false.)

Which one of the following assessments is a process which assists organisations to identify and minimise privacy risks in new data system projects?

Organisations can appoint a Data Protection Officer (DPO) even when the GDPR doesn’t oblige them to do so. (Select true or false.)

In the event of a personal data breach which of the following information must be provided to the ICO?

The Information Commissioner’s Office (ICO) must be informed of a personal data breach with how many hours? (Select one answer.)

Under the GDPR’s two tier fine system, if a data breach occurs that puts what authorities deem to be highly important data at risk. The data controller or processor will be subject to a tier one fine up to: (Select one answer)

Under the GDPR’s two tier fine system, if a data breach occurs that puts what authorities deem to be less important data at risk. The data controller or processor will be subject to a tier two fine up to: (Select one answer)

Following privacy by design principles helps to identify potential privacy issues at an early and less costly stage in the design and development process. (Select true or false.)

Which three of the following are individuals rights under the GDPR.

The GDPR requires that information provided by an organisation to individuals about the processing of personal data should be: (Select one answer.)

The GDPR stipulates that information must be provided without delay and at the latest within three months of receipt of the request. (Select true or false.)

Read the following sentences about the Right of Access and select the ones that you think are true and which are false.

The right to erasure provides and absolute right for individuals to be forgotten. (Select true or false.)

Which one of the following is a machine readable digital file format that can be used to implement data portability?

The processing of personal data for direct marketing purposes must stop within 48 hours from when the organisation receives an objection.

An organisation must deal with an objection to processing for direct marketing at any time and free of charge.

Individuals must be informed of their right to object ‘at the point of first communication’ and in the organisation’s privacy notice.

This must be ‘explicitly brought to the attention of individuals within 30 days and shall be presented clearly and separately from any other information.

Where an organisation’s processing operation includes automatic decision making, individuals have the right not to be subject to a decision when: (Select one answer.)

If an individual is under __ years of age, an organisation must have the ‘explicit consent’ of their parent or legal guardian before they can use their personal data. (Select the correct age.)