Data Privacy Awareness Quiz

Welcome to the Data Privacy Awareness Quiz

1. GDPR is limited to personal data processed in the EU only?
   False
   True

2. Which one of these is NOT an example of personal data?
   Full Name
   Business web address
   Home Address
   Website cookie on your computer

3. How many principles of GDPR are there?
   3
   9
   4
   7

4. Which one of these is NOT a data subject right under GDPR?
   Right to be informed
   Right of first refusal
   Right to erasure
   Right to data portability

5. You suspect a personal data breach. What is a recommended course of action?
   Ignore your suspicions and don't take any action.
   Add a note in your calendar to further research it when you have time.
   Google possible responses to personal data breaches
   Open your company's incident response plan or contact the IS dept

6. A data subject access request gives individuals the right to do what within 45 days? [Select all that apply]
   Request that their personal data be deleted
   Request a copy of their data
   Request that their data be corrected
   Request to opt out of future data collection
   Request their personal data free of charge

7. The principle of data minimization is one of 7 GDPR principles. Which of these best describes the principle?
   Personal data should only be collected for specified, explicit and legitimate purposes.
   Personal data should contain a name and address at a minimum.
   Data minimization only applies to archived data
   Data minimization only applies to public company data

8. GDPR provides for 6 legal bases for processing data. Which of these are valid bases? (select 5)
   Legitimate interest
   Consent of the individual involved
   Contractual obligation
   Data warehousing requirements
   Vital Interests
   Legal Obligation
   Intellectual property law

9. Data breaches can lead to company closure?
   True
   False

10. In the context of GDPR, which one of these best describes a data protection authority (DPA)?
   A registered charitable organization
   An independent public authority with supervisory and data protection enforcement powers
   A privately funded industry watchdog
   A training organization for data protection practitioners

11. Which one of these is NOT a job function for a DPO (Data Protection Officer)?
   Monitor compliance with GDPR regulations
   Conduct awareness training for employees
   Communicate with data protection authorities in cases of a breach
   Investigate fraudulent personal injury claims

12. Which two of these are defined as special category data under GDPR?
   Children's data and criminal data
   Children's data and credit card data
   Criminal data and credit card data
   Name and address data

13. A record of processing activities (ROPA) must be maintained by controllers and processors for organizations with over 250 employees?
   True
   False

14. In which circumstances are organizations exempt from reporting a personal data breach? (select two)
   The personal data is encrypted
   It might involve disproportionate effort when other more effective means of reporting a breach are possible
   The personal data is unencrypted
   It's been more than 72 hours since the breach occurred

15. The maximum fine under GDPR is which of the following?
   €10m or 2% of annual global turnover
   €20 or 4% of annual global turnover
   €55 million euro
   $20 million dollars

16. Which of these are examples of poor physical and technical security safeguards? (choose 4)
   Short passwords (less than 8 characters)
   Weak alerting procedures
   The latest encryption standards being applied on company servers
   Unencrypted customer databases
   No CCTV policy

17. Which one of these is NOT a requirement under GDPR?
   Privacy awareness training
   Personal data encryption
   Data processing agreements with processors (if any)
   Data maximization principle

18. The attached image is an example of compliance with which legal basis for processing?
   Consent
   Contractual obligation
   Vital interests
   Legitimate interest
   Cookie basis

19. GDPR is a voluntary regulation?
   True
   False

20. Which of these are main causes of data breaches? (select 2)
   Lack of transparency of how personal data is collected and used
   Lack of security testing and alerting procedures
   Lack of a data retention policy
   Staffing shortages

Paul, 2023-07-07T12:24:27-07:00