Privacy & Data Protection Essentials Courseware - English. Ruben Zeegers
of personal data has to meet certain quality requirements.
What is one of these quality requirements defined by the GDPR?
A) The data processed must be archived.
B) The data processed must be encrypted.
C) The data processed must be indexed.
D) The data processed must be relevant.
11 / 20 "The controller shall implement appropriate technical and organizational measures for ensuring that (...) only personal data which are necessary for each specific purpose of the processing are processed."
Which term in the GDPR is defined here?
A) Compliance
B) Data protection by default
C) Privacy by design
D) Embedded protection
12 / 20 What is the term used in the GDPR for unauthorized disclosure of, or access to, personal data?
A) Confidentiality violation
B) Data breach
C) Incident
D) Security incident
13 / 20 A social services organization plans to design a new database to administrate its clients and the care they need.
In order to request permission from the supervisory authority, what is one of the first important steps to be taken?
A) Collect data about the clients and the amount and kind of care needed and provided.
B) Conduct a data protection impact assessment (DPIA) to assess the risks of the intended processing.
C) Obtain consent of the clients for the intended processing of their personal data.
14 / 20 A Dutch controller has contracted the processing of sensitive personal data out to a processor in a North African country, without consulting the supervisory authority. It was discovered and he was penalized by the supervisory authority. Six months later the authority finds out that the controller is guilty of the same transgression again for another processing operation.
What is the maximum penalty the supervisory authority can impose in this case?
A) € 750,000
B) € 1,230,000
C) € 10,000,000 or 2% of the company's worldwide turnover, whichever is higher
D) € 20,000,000 or 4% of the company's worldwide turnover with a minimum of € 20,000,000, whichever is higher
15 / 20 Supervisory Authorities are assigned a number of responsibilities aimed at making sure data protection regulations are complied with.
What is one of those responsibilities?
A) Assessing codes of conduct for specific sectors relating to the processing of personal data.
B) Defining a minimum set of measures to be taken to protect personal data.
C) Investigation of all data breaches of which they have been notified.
D) Review of contracts and BCRs on compliance with the regulations.
16 / 20 Binding corporate rules are a means for organizations to ease their administrative burden when complying with the GDPR.
How do these rules help them?
A) They allow them to have underpinning contracts with all parties involved abroad.
B) They allow them to let third parties outside the European Economic Area process personal data.
C) They avoid the need to approach each supervisory authority in the EU separately.
D) They prevent them from having to ask a supervisory authority for permission for the processing of the data once their BCR are accepted.
17 / 20 What should be done so that a Controller is able to outsource the processing of personal data to a Processor?
A) The Controller must ask the supervisory authority for permission to outsource the processing of the data.
B) The Controller must ask the supervisory authority if the agreed upon written contract is compliant with the regulations.
C) The Controller and Processor must draft and sign a written contract guaranteeing the confidentiality of the data.
D) The Processor must show the Controller that all demands agreed upon in the Service Level Agreement (SLA) are met.
18 / 20 Staff who work with personal data often consider privacy and information security to be separate issues.
Why is this wrong?
A) Privacy can’t be guaranteed without identifying, implementing, and monitoring proper information security measures.
B) The supervisory authority expects the roles of data protection officer and information security officer to be integrated.
C) The regulations identify specific information security measures that must be taken before handling personal data is allowed.
19 / 20 Session cookies are one of the most common types of cookie.
What best describes a session cookie?
A) It contains information on what you are doing, for instance the products you select in a web shop before you actually order.
B) It reveals your browsing history, so other websites can find out which websites you have visited before you arrived there.
C) It stores your browsing history, so you can trace where you have been on the net and revisit those site(s) if you want.
D) It collects your personal data, so the website can greet you by name and reuse your settings when you return.
20 / 20 Sometimes websites track visitors and store their information for marketing purposes.
Is the website obliged to notify the visitor that their information is being used for marketing purposes?
A) Yes
B) No
Answer Key
1 / 20 The illegal collection, storage, modification, disclosure or dissemination of personal data is an offence under European law.
What kind of offence is this?
A) a content related offence
B) an economic offence
C) an intellectual property offence
D)