Lawful processing
[Lawful processing]
Before you use somebody’s data, do you need to get their approval (consent)?
[Lawful processing]
When you are using your employees' social security number in an HR context, you are doing so based on which of the following legal grounds?
[Lawful processing]
Which of the below 2 options is correct?
"..by continuing to use this website you agree for us to use advertising cookies" is
[Lawful processing]
Which of the following is true?
A. Personal data retrieved from a public source can be used for direct marketing purposes, if that public source is the social media.
B. Personal data made public by a person can without any condition be used for direct marketing purposes. Public information is for everyone to use.
[Lawful processing]
Is direct marketing permitted under GDPR?
[Lawful processing]
Can I make it mandatory for someone to share their name and e-mail address with my organisation, as a condition to participate in a free competition that my organisation launches, so that I can send out direct marketing material later?
Records of Processing Activities (RoPA)
[Ropa]
What is a RoPA in GDPR?
[Ropa]
The Records of Processing Activities is
[Ropa]
Where a Controller RoPA is required and, where possible, it must contain which of the following?
[Ropa]
The Records of Processing Activities must be kept regarding
[Ropa]
In what form must a RoPA be maintained?
Data Subject Rights Request (DSRR)
[DSRR]
Someone's asking if my organisation is processing data on him. Do I have to answer?
[DSRR]
Which of the following is true? Controller A must facilitate personal data transfer directly to Controller B where …
[DSRR]
Should I inform the person that I am collecting personal data from them for direct marketing purposes?
[DSRR]
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed.
Which of the below is considered personal data?
A. Badge number
B. Credit Score
C. Names of the parents, mother tongue
D. The story of clicks on your website, IP address"
[DSRR]
Who is a data subject?
Privacy notice
[Privacy notice]
Is it true that only companies having a website are required under GDPR to publish information (also often referred to as privacy notice) about their data processing?
[Privacy notice]
Which of the following is true?
[Privacy notice]
Is it true that a privacy notice has to be as complex as possible, to make sure every detail is included?
[Privacy notice]
Is it good practice to copy a privacy notice that another organisation has published on its website?
[Privacy notice]
Is it true that your organisaton´s privacy notice must include the name and contact details of your Data Protection Officer?
It´s all about cookies
[It´s all about cookies]
If your marketing people base their online marketing activities on website statistics, is it allowed to use these numbers via analytics cookies that are loading by default, when someone opens your website?
[It´s all about cookies]
Using which of the following tracking technologies you have to comply with ePrivacy / GDPR?
[It´s all about cookies]
Necessary cookies ...
[It´s all about cookies]
Is it true that if your organisation places a Facebook “Like” button on its website, this Like button starts transferring personal data to Facebook’s servers, regardless of whether the visitor actually clicked the Like button or not?
[It´s all about cookies]
Using cookies and other, similar tracking technologies...
[Breach]
Imagine that your IT manager has access to personal data because they can retrieve it from your company´s system. The manager downloads the names and email addresses to their personal USB and offers it to another company that wants to send brochures about e-learning webinars. Is it a data breach in your opinion?
[Breach]
When must a data breach be reported to the supervisory authority?
[Breach]
Your Head of IT becomes aware on a Friday at 3pm that the entire HR database had been hacked the previous night. He decides to tell about it to the DPO first thing on Monday morning. When does the clock start ticking regarding the 72 hours reporting obligation?
[Breach]
Which of the following is a personal data breach?
[Breach]
Personal data breaches must ...
[DPbDD]
What does Data protection (or privacy) by default mean?
[DPbDD]
Is it true that the Data Protection Officer of your organisation is responsible for making the decisions as to what security measures must be in place to protect the personal data you process?
[DPbDD]
What does a DPIA stand for in GDPR?
[DPbDD]
When is it mandatory to perform a DPIA?
[DPbDD]
What do you have to do, when the results of a DPIA show, that there are residual high risks that you cannot mitigate with any measures?
Biometrics
[Biometrics]
What is NOT biometric data under GDPR?
[Biometrics]
Is it true that biometric data provides for 100% accuracy to identify someone?
[Biometrics]
Is it permitted under GDPR to process biometric data?
[Biometrics]
If your organisation has installed the biometric access control system before GDPR was introduced.
[Biometrics]
Storing biometric data in the cloud hosted by a supplier ...
[Data in move]
Data in move
[Data in move]
Which of the following is true?
[Data in move]
Which of the following is true?
[Data in move]
Who from the following may be a third party under GPDR?
[Data in move]
If your organisation engages a processor, the data processing agreement must contain which of the following?
[Data in move]
Which of the following is NOT true?