02 - GDPR

 1. GDPR stands for

  Global Defense Product Research

  General Data Protection Regulation

  General Digital Policy Regulation

  Government Department of Public Relations

 2. GDPR is designed to help people protect and control use of their personal data.



 3. Fill in the blanks.
Personal data covered by GDPR includes _________________.

  your name, date of birth, and address - but nothing else

  your name, email address, date of birth and passport number, bank details, social network posts, medical information and computer IP address - but nothing else

  your name, identification number, location data or online identifier, and, under some circumstances, this can extend to images, and details about your family

  anything and everything you define as being personal to you

 4. Fill in the blanks.
You have entered your personal data into an app for registration purposes. The app should not use this data without your consent for ____________.

  maintaining a database of users

  direct marketing about other products

  logging you into the app the next time you use it

  storing your password

 5. GDPR came into force in May 2018.



 6. GDPR applies to all departments within an organisation that have access to personal data.



 7. If an app wants to access your location and contacts, how should it work to comply with the GDPR?

  The app explains how this data will be used and asks for your consent

  It happens automatically the first time you open the app

  The app shows you a pre-ticked box saying you agree to its terms

  The app can access your location with your consent but not your contacts because they are someone else's personal data

 8. If your organisation does not comply with GDPR, what is the maximum penalty?

  There is no penalty

  1 million euros

  20 million euros or 4% of global annual turnover from the preceding financial year

  10 million euros or 10% of global annual turnover from the preceding financial year

 9. A subject access request can only be made via an email or a website.



 10. Fill in the blanks.
You were in an accident. Now you are unconscious and in need of a surgery. Your doctor can ____________________.

  disclose details if your next of kin agrees

  share any details about your medical history they believe is necessary to save your life

  disclose nothing that you haven't already put in the public domain

  share details about your medical history only if they have your explicit consent

 11. If someone follows a company on social media, the company can assume that they have consented to receiving promotional messages.



 12. What is a common name for 'special categories of data'?

  confidential data

  sensitive data

  personal data

  proprietary data

 13. Fill in the blanks.
In case of personal data breach, the data subject must be informed _________________.

  when the breach is likely to result in a high risk to the freedoms and rights of one or more persons


  when requested by a supervisory authority


 14. Consent for data collection, storing and use has to be:

  in writing

  freely given, specific, informed and unambiguous



 15. Pseudonymized data qualifies as personal data if not sufficiently anonymized.