[PDF] [PDF] GDPR Training modules questions and answerspdf

View - Download [PDF] GDPR Training modules questions and answerspdf

Previous PDF

Next PDF

Module 1 assessmentPage 1 of2

Module 1 Assessment - Please answer all of the following multiple choice questions Your score is 5 out of 14. Please see below for correct answers (remember to click 'submit' once you are finished) Q1.The GDPR doesn't include a chapter covering.... (a) lnternational transfers (b) Exemptions (c) The responsibilities of data controllers and processors

Q2.Which of the following is correct?

(a) The GDPR only applies to organ¡sat¡ons based within the EU.

(b) The GDPR covers any processing of personal data of people in the EU, regardless of whether the organisat¡on

concerned is based in the EU. (c) The GDPR covers organisations outside the EU who offer goods and services to people in the EU

Q3.Complete the statement:

The definition of personal data in the GDPR...;

(a). .. is narrower than the definition in the DPA (b). . . is broader then the definition in the DPA (c) ... is more explicit than the definition in the DPA

Q4.True or false, under the GDPR the term 'manual fìling system' is likely to cover files structured in date order

(a) True (b) False QS.Which one of these activities falls outside the scope of the GDPR; (a) Processing for marketing purposes (b) Processing for domestic and household purposes (c) Processing for the purposes of crime and investigations (d) Processing for the purposes of journalism literature and art Q6.True or false; the GDPR makes provision for individual member states to add their own exemptions. (a) ïrue (b) False

QT.Which of the following do 'sensitive personal data' and 'special categories of personal data' have in common?

(a) They are both subject to additional conditions/bases for processing. (b) They each cover information about religious and political beliefs. (c) They each cover information about the commission of offences and proceedings for offences Q8. The GDPR introduces a new data protection principle that requires organisations to (a)...demonstrate compliance with the principles (b)... co-operate with the supervisory authority (c)... report data protection breaches

Q9.True or false;

Data controllers are still required to register/notify under the GDPR; file.lllC:lUsers/oakesa./ÃppData/Local/MicrosofVWindows/Temporary%o2llntemetoÁ... 1210612017

Module 1 assessmentPage 2 of2

(a) True (b) False Q10.ln the event of a breach, the data subject has a right to complain to; a) the supervisory authority in their place of residence b) the supervisory authority in their place of birth c) The supervisory authorig in their place of work d)The supervisory authority in the place where the incident occurred Q1 l.Which of these statements about consent under the GDPR is correct? (a) lt must be as easy to withdraw consent as it is to give it (b) Consent must be provided through a clear and affirmative action (c) Any request for consent must be easy to distinguish (d) The data subject must be able to withdraw their consent at any time.

Q 1 2. Complete the statement.

Where a data controller wants to offer online information services to a child under 16 on the basis of consent, it can't do

so unless... (a) ... it has the authorisation of their parent or guardian (b) ...the content is child friendly (c) ... the child has given their written consent

Q13.True or false, the GDPR regulations on profiling will only apply where that profiling is carried out by automated

means. (a) True (b) False Q14.When carrying out profiling activities the data controller must ensure that it; (a) provides the data subjects with meaningful information about the logic involved (b) uses appropriate mathematical or statistical procedures

(c) implements appropriate measures to enable correction of inaccuracies and minimise the risk of errors

Please remember to click the 'submit' option

EEZZ.ZT7

i 9 Rosot I Sr.ùmiÎ Ituidrbr mnp fJJe:lllC:lUsers/oakesa/ AppData/Local/Microsoft/Windows/TemporaryYo2}Intemeto/o... 1210612017 lvlooule z assessmenlrage I ot J Your score is 4 out ol 17. Please see below for correct answers (remember to click the'submit' option once you are finished: flç *, Ql,Which of the following stalements about the right to rectification is incorrect; (a) Dataa right to have inaccurate data reclified

Datahave atodata

where possible. Q2,The right to obJect empowers the data subject to,",. Q3.ln whlch of these cases is the right to obþt absolute? (a) \Mere the,processing is based on legilimate interests. (b) \lvhere the processing is for scientific, hlslorlcalr lesearch and statistical purposes.

Q4.Which of the following statements ls false:

The right of data portabil¡ty.-,,.

(a)...allows data subjec'ts to obtain and reuse thelt data across different services. (b)subjects to have thêir data transferred directly from one data controller to another" :t '4

Q5.The right to portability won't apply if;

(a) The data controller is a public authority:ffiol (c) The dâtâ involved is held on a manual filing system t Q6.ln which of these circumstances could a data subject exercise their rlght to be forgotten? http s : //www, snaps urvey s. com/wh/siam/survey landin g/interviewer.aspL3/01/2017

Module 2 assessmentPage? of3

QT.True of false: The right to be forgotten is an absolute right. (a) TrueffiFae

Q8.\Mere the data subject has excersed their ilght to be forgotten and the data controller operates in an onllne

environment in which it makes personal data public (e.9. a sociel networking site), then that data c-onûoller must inform

other organisations who are processing the data in question so they can...... record the data subject's obJections

Q9.Complete the stalement;

lf the data subjecf has exercised their right to reslriction then the datà controller... (a),,,,must erase the dataundue delay lhecircumstances Q10.1¡1/hich of lhese statements about the right to restridion are conect; to cause damageand distress. their right tothe courts.

The right to restrlction is an absolute right.

Q1 l.Under the GDPR a dala controller receiving a SAR may ask the data subþct for;

A Ê10 fee

cosls. in staff time of locatinginformation Ql2.Under the GDPR, a data controller must respond to a SARi (a) Within 40 calendar days (b) Wthin 28 calendar days

þF:liïltLiln'ãi obtfr.rr

(d) Wthin 21 working days t ' ',

Q13,Irue or false, under the GDPR a data conlroller may refuse a subject açAEess request that is excessive in naturre

tñ¡,.Tfüg ';r; https : //www. snapsurveys. com/wf/siam/survey landing/intewi ewer. asp13t0112017 lvlogule ¿ assessmentrage J 01 J (!,J,*s,¡ i:r *ft*;lt' (b) False

Q14.Where a data controller has made an automated decísion, the GDPR gives thê data subJect a right to,,

Q15.1 /hich of these statements ls correct;

The right to restrict automaled procesaing doesn't apply i1,,, processing ishislorical, research or statistical purposes

Q16.True or false. The GDPR obliges data controllers to provide a wider range of fair procoesing information than is

required by the DPA.

Ql7.!Vhere a data cantroller is wriling privacy notices aimed at children it should take parlicular care to..^

(a) (b) use easy to roâd fonts provide a glossary oflerms ..use tick boxes lnstead

Please remember to click the 'submit' option

https ://www. snapsurvey s. com/wh/siam/surveylandingiinterviewer. aspt3/01/2at7

MO(IUIC J aSSCSSmgntrage t or ¿

Your score is 4 out oI 11. Please see below for correct answers (remember,,,+l d

Ql,Which of tha following statements is false;

A data controller must appoint a data protection oflicer if... ..it is a (d) ...¡t carries out regular and systematic large scale monitoring of dâta subjects

Q2.True or false - a group of companies or public authorities may appoint a single data protection officer to represent

them all to click'submit'once you are finisheÇ): Q3.The GDPR states thât the data,protection officer should; an piolect¡on qualification ftrffi(b) False {Þ)jl"618ê, r!

Q4.True or false. The requirement to ma¡nta¡n records of processíng is obligatory for organisations that employ 250 staff

or more, Q5.$Miich of the following statements are correct;

The requirement lo maintain records on processing will apply to an organisation with less lhan 250 employees if.,,

processes very Q6.Under lhe GDPR, a data controller must carry out a data protect¡on impact assessment if...; ,""it is carryingprofiling "-, it ís a public authority act¡ng in the course of its public functions https ://www. snapsurveys. com/wh/siamlsurveylanding/interviewer. aspt3l0v20t7

Module 3 assessmentPage2 of2

Q7.The GDPR says that an data protection impac't assessment will be particularly required if the processing. ".

QS.True of false -under the GDPR it is mandatory for data controllers to implement measures to show that they have

considered and integrated data protection into their processing activities.ffi(n)False'

Q9;lûJttich of these stalemenls ere correct;

The advantage of signing up lo a certification scheme or code of conduct is that the data controller/processor

it authoñg Ql l.Certification can be issuad and wlthdrawn by; (a) the certificalion (b) the supervlsoryffi

Please remember to click the 'submit' option

Ili*ir* ]*lJ".lï*ï

{ $n,å*i, .{ *'*fS" body aulhority s$"q#dv {*l$t} https : //www,snapsurveys, com/wh"/si amlsurveylanding/interviewer. asp13l0v20t7 Your score is 2 out of 8. Please see below for correct answers (remember to click'submit'once you are finished): Ql,True or false: Under the GDPR, data controllers must report every data authority (a) Trueffi

Q2.The data controller will be required to notlff the data subjects of the breach if the incident.. . ;

...involvedbeing released into lhe public domaln

Q3.The GDPR states that data controllers must implement appropriate technical and organisalional measures to,..

Q4;1#fiich of the following statements about the GDPR's impac{,on data processors ar€ true. processors

QS.True or false, A data processor cannot employ another data prooessor n ithout the data controller's written consenl.

1þ) 'F',*ls$

Q6.ln the event of a data protection breach by the data processor, that processor must notit; (a) the supervisory authorityffi (¿) the deta subjects Q7.The maximum adminíslrative fine lhan can be issued undor the GDPR is;

5 million euros or 1% of worldwide turnover

15 million euros or 3% of worldwide turnover

eutos protecti* breach to the ,uo"t,roryt'* https :i/www.snapsurveys, com/wh/siam/surveylanding/interviewer. aspt3101120r7

Module 4 assessment

QS.Which of thE followlng statements about the GDPR admlnlstratlve fne scheme are correct; admlnlstratlvecanbe issued

Please remember to click the 'submit' option

_t

Page2 of2

¡l*a ¡t

Ëffi'

https //www. snapsurveys. com/wh/siam/surveylanding/interviewer.aspß/ay20t7quotesdbs_dbs17.pdfusesText_23

[PDF] ge requirements

[PDF] geignement expiratoire definition

[PDF] gel hand sanitizer dispenser

[PDF] gem county current arrests

[PDF] gemini crosswords

[PDF] gen4 display

[PDF] genc 2 letter code

[PDF] gender and disease

[PDF] gender and wellness

[PDF] gender balance on corporate boards 2019

[PDF] gender differences in health and fitness

[PDF] gender diversity in board of directors uk

[PDF] gender diversity on boards

[PDF] gender films

[PDF] gender healthcare