Lawfull processing
Before you use somebody’s data, do you need to get their approval (consent)?
When you are using your employees' social security number in an HR context, you are doing so based on which of the following legal grounds?
"Which of the following is true? A. Personal data retrieved from a public source can be used for direct marketing purposes, if that public source is the social media. B. Personal data made public by a person can without any condition be used for direct marketing purposes. Public information is for everyone to use."
"..by continuing to use this website you agree for us to use advertising cookies" is
Is direct marketing permitted under GDPR?
Can I make it mandatory for someone to share their name and e-mail address with my organisation, as a condition to participate in a free competition that my organisation launches, so that I can send out direct marketing material later?
The Records of Processing Activities is
Where a Controller RoPA is required and, where possible, it must contain which of the following?
The Records of Processing Activities must be kept regarding
In what form must a RoPA be maintained?
Someone's asking if my organisation is processing data on him. Do I have to answer?
Which of the following is true? Controller A must facilitate personal data transfer directly to Controller B where …
Should I inform the person that I am collecting personal data from them for direct marketing purposes?
"The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed. Which of the below is considered personal data? A. Badge number B. Credit Score C. Names of the parents, mother tongue D. The story of clicks on your website, IP address"
Is it true that only companies having a website are required under GDPR to publish information (also often referred to as privacy notice) about their data processing?
Which of the following is true?
Is it true that a privacy notice has to be as complex as possible, to make sure every detail is included?
Is it good practice to copy a privacy notice that another organisation has published on its website?
Is it true that your organisaton´s privacy notice must include the name and contact details of your Data Protection Officer?
If your marketing people base their online marketing activities on website statistics, is it allowed to use these numbers via analytics cookies that are loading by default, when someone opens your website?
Using which of the following tracking technologies you have to comply with ePrivacy / GDPR?
Is it true that if your organisation places a Facebook “Like” button on its website, this Like button starts transferring personal data to Facebook’s servers, regardless of whether the visitor actually clicked the Like button or not?
Using cookies and other, similar tracking technologies...
Imagine that your IT manager has access to personal data because they can retrieve it from your company´s system. The manager downloads the names and email addresses to their personal USB and offers it to another company that wants to send brochures about e-learning webinars. Is it a data breach in your opinion?
When must a data breach be reported to the supervisory authority?
Your head of IT becomes aware on a Friday at 3pm that the entire HR database had been hacked the previous night. He decides to tell about it to the DPO first thing on Monday morning. When does the clock start ticking regarding the 72 hours reporting obligation?
Which of the following is a personal data breach?
Personal data breaches must ...
What does Data protection (or privacy) by default mean?
Is it true that the Data Protection Officer of your organisation is responsible for making the decisions as to what security measures must be in place to protect the personal data you process?
What does a DPIA stand for in GDPR?
When is it mandatory to perform a DPIA?
What do you have to do, when the results of a DPIA show, that there are residual high risks that you cannot mitigate with any measures?
What is NOT biometric data under GDPR?
Is it true that biometric data provides for 100% accuracy to identify someone?
Is it permitted under GDPR to process biometric data?
If your organisation has installed the biometric access control system before GDPR was introduced..
Storing biometric data in the cloud hosted by a supplier, ...
Which of the following is true?
Which of the following is true?
Who from the following may be a third party under GPDR?
If your organisation engages a processor, the data processing agreement must contain which of the following?
Which of the following is NOT true?
Recent Comments