Professional Documents
Culture Documents
GDPR Training Modules Questions and Answers
GDPR Training Modules Questions and Answers
Module 1 Assessment - Please answer all of the following multiple choice questions
Your score is 5 out of 14. Please see below for correct answers (remember to click
'submit' once you are finished)
Q1.The GDPR doesn't include a chapter covering....
(a) The GDPR only applies to organ¡sat¡ons based within the EU.
(b) The GDPR covers any processing of personal data of people in the EU, regardless of whether the organisat¡on
concerned is based in the EU.
(c) The GDPR covers organisations outside the EU who offer goods and services to people in the EU
Q4.True or false, under the GDPR the term 'manual fìling system' is likely to cover files structured in date order
(a) True
(b) False
QS.Which one of these activities falls outside the scope of the GDPR;
Q6.True or false; the GDPR makes provision for individual member states to add their own exemptions.
(a) ïrue
(b) False
QT.Which of the following do 'sensitive personal data' and 'special categories of personal data' have in common?
Q8. The GDPR introduces a new data protection principle that requires organisations to
Q9.True or false;
file.lllC:lUsers/oakesa./ÃppData/Local/MicrosofVWindows/Temporary%o2llntemetoÁ... 1210612017
Module 1 assessment Page 2 of2
(a) True
(b) False
Q10.ln the event of a breach, the data subject has a right to complain to;
Where a data controller wants to offer online information services to a child under 16 on the basis of consent, it can't do
so unless...
Q13.True or false, the GDPR regulations on profiling will only apply where that profiling is carried out by automated
means.
(a) True
(b) False
Q14.When carrying out profiling activities the data controller must ensure that it;
(a) provides the data subjects with meaningful information about the logic involved
(b) uses appropriate mathematical or statistical procedures
(c) implements appropriate measures to enable correction of inaccuracies and minimise the risk of errors
Your score is 4 out ol 17. Please see below for correct answers (remember
to click the'submit' option once you are finished:
*,
flç
Ql,Which of the following stalements about the right to rectification is incorrect;
where possible.
:
'4
',(
(a)...allows data subjec'ts to obtain and reuse thelt data across different services.
(b) subjects to have thêir data transferred directly from one data controller to another"
Q6.ln which of these circumstances could a data subject exercise their rlght to be forgotten?
(a) True
ffiFæ
Q8.\Mere the data subject has excersed their ilght to be forgotten and the data controller operates in an onllne
environment in which it makes personal data public (e.9. a sociel networking site), then that data c-onûoller must inform
other organisations who are processing the data in question so they can......
lf the data subjecf has exercised their right to reslriction then the datà controller...
Q1 l.Under the GDPR a dala controller receiving a SAR may ask the data subþct for;
A Ê10 fee
cosls.
t ' ',
Q13,Irue or false, under the GDPR a data conlroller may refuse a subject açÆess request that is excessive in naturre
tñ¡,.Tfüg ';r;
(b) False
Q14.Where a data controller has made an automated decísion, the GDPR gives thê data subJect a right to,,
Q16.True or false. The GDPR obliges data controllers to provide a wider range of fair procoesing information than is
required by the DPA.
Ql7.!Vhere a data cantroller is wriling privacy notices aimed at children it should take parlicular care to..^
Your score is 4 out oI 11. Please see below for correct answers ( remember
,,,+l
to click'submit'once you are finisheÇ):
*.
d
..it is a
(d) ...¡t carries out regular and systematic large scale monitoring of dâta subjects
Q2.True or false - a group of companies or public authorities may appoint a single data protection officer to represent
them all
ftrffi
(b) False
an
piolect¡on qualification
r!
Q4.True or false. The requirement to ma¡nta¡n records of processíng is obligatory for organisations that employ 250 staff
or more,
{Þ)jl"618ê,
The requirement lo maintain records on processing will apply to an organisation with less lhan 250 employees if.,,
processes very
Q6.Under lhe GDPR, a data controller must carry out a data protect¡on impact assessment if...;
Q7.The GDPR says that an data protection impac't assessment will be particularly required if the processing. ".
QS.True of false -under the GDPR it is mandatory for data controllers to implement measures to show that they have
considered and integrated data protection into their processing activities.
ffi
(n)False'
The advantage of signing up lo a certification scheme or code of conduct is that the data controller/processor
it
authoñg
Your score is 2 out of 8. Please see below for correct answers (remember
to click'submit'once you are finished):
Ql,True or false: Under the GDPR, data controllers must report every data protecti* breach to the ,uo"t,roryt'*
authority
ffi
(a) True
Q2.The data controller will be required to notlff the data subjects of the breach if the incident.. .;
Q3.The GDPR states that data controllers must implement appropriate technical and organisalional measures to,..
Q4;1#fiich of the following statements about the GDPR's impac{,on data processors ar€ true.
processors
QS.True or false, A data processor cannot employ another data prooessor n ithout the data controller's written consenl.
1þ) 'F',*ls$
Q6.ln the event of a data protection breach by the data processor, that processor must notit;
Q7.The maximum adminíslrative fine lhan can be issued undor the GDPR is;
eutos
QS.Which of thE followlng statements about the GDPR admlnlstratlve fne scheme are correct;
ffi'
Ë
¡l*a ¡t
:'