Lawful processing
Before you use somebody’s data, do you need to get their approval (consent)?
Lawful processing
When you are using your employees' social security number in an HR context, you are doing so based on which of the following legal grounds?
Lawful processing
Which of the below 2 options is correct?
"..by continuing to use this website you agree for us to use advertising cookies" is
Lawful processing
Which of the following is true?
A. Personal data retrieved from a public source can be used for direct marketing purposes, if that public source is the social media. B. Personal data made public by a person can without any condition be used for direct marketing purposes. Public information is for everyone to use.
Lawful processing
Is direct marketing permitted under GDPR?
Lawful processing
Can I make it mandatory for someone to share their name and e-mail address with my organisation, as a condition to participate in a free competition that my organisation launches, so that I can send out direct marketing material later?
Records of Processing Activities (RoPA)
Ropa
What is a RoPA in GDPR?
Ropa
The Records of Processing Activities is
Ropa
Where a Controller RoPA is required and, where possible, it must contain which of the following?
Ropa
The Records of Processing Activities must be kept regarding
Ropa
In what form must a RoPA be maintained?
Data Subject Rights Request (DSRR)
DSRR
Someone's asking if my organisation is processing data on him. Do I have to answer?
DSRR
Which of the following is true? Controller A must facilitate personal data transfer directly to Controller B where …
DSRR
Should I inform the person that I am collecting personal data from them for direct marketing purposes?
DSRR
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed.
Which of the below is considered personal data? A. Badge number B. Credit Score C. Names of the parents, mother tongue D. The story of clicks on your website, IP address"
DSRR
Who is a data subject?
Privacy notice
Is it true that only companies having a website are required under GDPR to publish information (also often referred to as privacy notice) about their data processing?
Privacy notice
Which of the following is true?
Privacy notice
Is it true that a privacy notice has to be as complex as possible, to make sure every detail is included?
Privacy notice
Is it good practice to copy a privacy notice that another organisation has published on its website?
Privacy notice
Is it true that your organisaton´s privacy notice must include the name and contact details of your Data Protection Officer?
It´s all about cookies
If your marketing people base their online marketing activities on website statistics, is it allowed to use these numbers via analytics cookies that are loading by default, when someone opens your website?
It´s all about cookies
Using which of the following tracking technologies you have to comply with ePrivacy / GDPR?
It´s all about cookies
Necessary cookies ...
It´s all about cookies
Is it true that if your organisation places a Facebook “Like” button on its website, this Like button starts transferring personal data to Facebook’s servers, regardless of whether the visitor actually clicked the Like button or not?
It´s all about cookies
Using cookies and other, similar tracking technologies...
Breach
Imagine that your IT manager has access to personal data because they can retrieve it from your company´s system. The manager downloads the names and email addresses to their personal USB and offers it to another company that wants to send brochures about e-learning webinars. Is it a data breach in your opinion?
Breach
When must a data breach be reported to the supervisory authority?
Breach
Your Head of IT becomes aware on a Friday at 3pm that the entire HR database had been hacked the previous night. He decides to tell about it to the DPO first thing on Monday morning. When does the clock start ticking regarding the 72 hours reporting obligation?
Breach
Which of the following is a personal data breach?
Breach
Personal data breaches must ...
DPbDD
What does Data protection (or privacy) by default mean?
DPbDD
Is it true that the Data Protection Officer of your organisation is responsible for making the decisions as to what security measures must be in place to protect the personal data you process?
DPbDD
What does a DPIA stand for in GDPR?
DPbDD
When is it mandatory to perform a DPIA?
DPbDD
What do you have to do, when the results of a DPIA show, that there are residual high risks that you cannot mitigate with any measures?
Biometrics
What is NOT biometric data under GDPR?
Biometrics
Is it true that biometric data provides for 100% accuracy to identify someone?
Biometrics
Is it permitted under GDPR to process biometric data?
Biometrics
If your organisation has installed the biometric access control system before GDPR was introduced.
Biometrics
Storing biometric data in the cloud hosted by a supplier ...
Data in move
Which of the following is true?
Data in move
Which of the following is true?
Data in move
Who from the following may be a third party under GPDR?
Data in move
If your organisation engages a processor, the data processing agreement must contain which of the following?
Data in move
Which of the following is NOT true?