Privacy & Data Protection Essentials Courseware - English. Ruben Zeegers
a privacy offence
A) Incorrect. A content related offence concerns dissemination of racist statements, (child) pornography or information inciting violence.
B) Incorrect. Economic offences relate to unauthorized access to systems (hacking, distribution of viruses, etc.) computer espionage, -forgery, and - fraud).
C) Incorrect. Intellectual property offences pertain to violations of copyright and related rights.
D) Correct. Any illegal processing of personal data is an offence. No Source: basic knowledge.
2 / 20 How are privacy and data protection related to each other?
A) Data protection is a subset of privacy.
B) Privacy is a subset of data protection.
C) They are the same thing.
D) You cannot have privacy without data protection.
A) Incorrect. Privacy spans a lot of concepts like spatial, relational, bodily and information privacy. Data protection has no relation to some of these.
B) Incorrect. Privacy spans a lot of concepts like spatial, relational, bodily and information privacy. Data protection helps to guarantee some of these.
C) Incorrect. Data protection for example has nothing to do with spatial privacy.
D) Correct. Data protection is a necessary measure to protect the fundamental right to privacy. Source: White Paper – Privacy, Personal Data and the GDPR - §1.3 Definitions
3 / 20 The word 'privacy' is not mentioned in the GDPR.
How is 'privacy' related to 'data protection'?
A) Data protection is a set of rules and regulations on processing personal data. Privacy is the result of data protection.
B) Privacy is the right to be protected from interference in personal matters. Data protection is the means to implement that protection.
C) Privacy is the right to keep personal matters secret. Data protection is the right to keep personal data secret.
D) The terms 'privacy' and 'data protection' are interchangeable. There is no real difference in meaning.
A) Incorrect. Privacy is a right, data protection is the means to ensure it.
B) Correct. Source: White Paper – Privacy, Personal Data and the GDPR - § 1.3 Definitions.
C) Incorrect. Privacy is a right, data protection is the means to ensure it.
D) Incorrect. Privacy is a right, data protection is the means to ensure it.
4 / 20 The GDPR is related to personal data protection.
What is the definition of personal data?
A) any information relating to an identified or identifiable natural person
B) any information that the European citizens would like to protect
C) data that directly or indirectly reveal someone's racial or ethnic background, religious views, and data related to health or sexual habits
D) preservation of confidentiality, integrity and availability of information
A) Correct. This is the official definition of the data protection. Source: EU GDPR, A pocket guide - Chapter 2 Terms and definitions GDPR 2016/679 Article 4: definition
B) Incorrect. This definition is too generic.
C) Incorrect. This is the definition of sensitive data not of generic personal data.
D) Incorrect. This is the definition of information security from ISO/IEC 27000:2014.
5 / 20 Which information is regarded as personal data according to the GDPR?
A) Information about a person, which might harm the privacy of that person, even when untrue
B) Any information regarding an identifiable natural person
C) Information, regarding an identifiable natural person, which is digitalized
A) Incorrect. Any statement about an identifiable natural person is personal data according to the GDPR.
B) Correct. Source: EU GDPR, A pocket guide – Chapter 2 Term and definitions - Personal data & GDPR art.4 (1).
C) Incorrect. Any statement about an identifiable natural person is personal data according to the GDPR.
6 / 20 Which right of data subjects is explicitly defined by the GDPR?
A) A copy of personal data must be provided in the format requested by the data subject.
B) Access to personal data without any cost for the data subject.
C) Personal data must be always changed at the request of the data subject.
D) Personal data must be erased at all times if a data subject requests this.
A) Incorrect. It has to be provided in a structured, commonly used and machine-readable format, but not necessarily in any format the Data Subject specifies.
B) Correct. However only the first copy has to be provided free of cost. Source: EU GDPR, A pocket guide – Chapter 3 The Regulation – Data subjects’ rights.
C) Incorrect. Only erroneous data has to be rectified.
D) Incorrect. Article 17 gives some exceptions to this like when the data is needed for the establishment, exercise or defense of legal claims.
7 / 20 “An independent public authority which is established by a Member State pursuant to Article 51."
Which role in data protection is defined?
A) Controller
B) Processor
C) Supervisory authority
D) Third party
A) Incorrect. See Regulation 2016/679, Article 4.
B) Incorrect. See Regulation 2016/679, Article 4.
C) Correct. Source: GDPR 2016/679, Article 4 and Article 51.
D) Incorrect. See Regulation 2016/679, Article 4.
8 / 20 Which role in data protection determines the purposes and means of the processing of personal data?
A) Controller
B) Data Protection Officer
C) Processor
A) Correct. Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Source: White Paper – Privacy, Personal Data and