Preview

02 - GDPR

 1. GDPR stands for
GDPR1.jpg

  Government Department of Public Relations

  General Data Protection Regulation

  General Digital Policy Regulation

  Global Defense Product Research

 2. GDPR is designed to help people protect and control use of their personal data.
GDPR2.jpg.png

  True

  False

 3. Fill in the blanks.
Personal data covered by GDPR includes _________________.

  your name, identification number, location data or online identifier, and, under some circumstances, this can extend to images, and details about your family

  your name, email address, date of birth and passport number, bank details, social network posts, medical information and computer IP address - but nothing else

  your name, date of birth, and address - but nothing else

  anything and everything you define as being personal to you

 4. Fill in the blanks.
You have entered your personal data into an app for registration purposes. The app should not use this data without your consent for ____________.
GDPR3.jpg

  maintaining a database of users

  logging you into the app the next time you use it

  storing your password

  direct marketing about other products

 5. GDPR came into force in May 2018.

  FALSE

  TRUE

 6. GDPR applies to all departments within an organisation that have access to personal data.

  FALSE

  TRUE

 7. If an app wants to access your location and contacts, how should it work to comply with the GDPR?
GDPR4.jpg.png

  The app explains how this data will be used and asks for your consent

  The app shows you a pre-ticked box saying you agree to its terms

  The app can access your location with your consent but not your contacts because they are someone else's personal data

  It happens automatically the first time you open the app

 8. If your organisation does not comply with GDPR, what is the maximum penalty?
GDPR5.jpg

  1 million euros

  There is no penalty

  10 million euros or 10% of global annual turnover from the preceding financial year

  20 million euros or 4% of global annual turnover from the preceding financial year

 9. A subject access request can only be made via an email or a website.

  FALSE

  TRUE

 10. Fill in the blanks.
You were in an accident. Now you are unconscious and in need of a surgery. Your doctor can ____________________.

  disclose details if your next of kin agrees

  share details about your medical history only if they have your explicit consent

  share any details about your medical history they believe is necessary to save your life

  disclose nothing that you haven't already put in the public domain

 11. If someone follows a company on social media, the company can assume that they have consented to receiving promotional messages.

  True

  False

 12. What is a common name for 'special categories of data'?

  proprietary data

  personal data

  sensitive data

  confidential data

 13. Fill in the blanks.
In case of personal data breach, the data subject must be informed _________________.

  when requested by a supervisory authority

  when the breach is likely to result in a high risk to the freedoms and rights of one or more persons

  always

  never

 14. Consent for data collection, storing and use has to be:

  assumed

  explicit

  in writing

  freely given, specific, informed and unambiguous

 15. Pseudonymized data qualifies as personal data if not sufficiently anonymized.

  TRUE

  FALSE