Module 1 assessment Page 1 of2

Module 1 Assessment - Please answer all of the following multiple choice questions

Your score is 5 out of 14. Please see below for correct answers (remember to click
'submit' once you are finished)
Q1.The GDPR doesn't include a chapter covering....

(a) lnternational transfers

(b) Exemptions
(c) The responsibilities of data controllers and processors

Q2.Which of the following is correct?

(a) The GDPR only applies to organ¡sat¡ons based within the EU.
(b) The GDPR covers any processing of personal data of people in the EU, regardless of whether the organisat¡on
concerned is based in the EU.
(c) The GDPR covers organisations outside the EU who offer goods and services to people in the EU

Q3.Complete the statement:

The definition of personal data in the GDPR...;

(a). .. is narrower than the definition in the DPA

(b). . . is broader then the definition in the DPA
(c) ... is more explicit than the definition in the DPA

Q4.True or false, under the GDPR the term 'manual fìling system' is likely to cover files structured in date order

(a) True
(b) False

QS.Which one of these activities falls outside the scope of the GDPR;

(a) Processing for marketing purposes

(b) Processing for domestic and household purposes
(c) Processing for the purposes of crime and investigations
(d) Processing for the purposes of journalism literature and art

Q6.True or false; the GDPR makes provision for individual member states to add their own exemptions.

(a) ïrue
(b) False

QT.Which of the following do 'sensitive personal data' and 'special categories of personal data' have in common?

(a) They are both subject to additional conditions/bases for processing.

(b) They each cover information about religious and political beliefs.
(c) They each cover information about the commission of offences and proceedings for offences

Q8. The GDPR introduces a new data protection principle that requires organisations to

(a)...demonstrate compliance with the principles

(b)... co-operate with the supervisory authority
(c)... report data protection breaches

Q9.True or false;

Data controllers are still required to register/notify under the GDPR;

file.lllC:lUsers/oakesa./ÃppData/Local/MicrosofVWindows/Temporary%o2llntemetoÁ... 1210612017
Module 1 assessment Page 2 of2

(a) True
(b) False

Q10.ln the event of a breach, the data subject has a right to complain to;

a) the supervisory authority in their place of residence

b) the supervisory authority in their place of birth
c) The supervisory authorig in their place of work
d)The supervisory authority in the place where the incident occurred

Q1 l.Which of these statements about consent under the GDPR is correct?

(a) lt must be as easy to withdraw consent as it is to give it

(b) Consent must be provided through a clear and affirmative action
(c) Any request for consent must be easy to distinguish
(d) The data subject must be able to withdraw their consent at any time.

Q 1 2. Complete the statement.

Where a data controller wants to offer online information services to a child under 16 on the basis of consent, it can't do
so unless...

(a) ... it has the authorisation of their parent or guardian

(b) ...the content is child friendly
(c) ... the child has given their written consent

Q13.True or false, the GDPR regulations on profiling will only apply where that profiling is carried out by automated
means.

(a) True
(b) False

Q14.When carrying out profiling activities the data controller must ensure that it;

(a) provides the data subjects with meaningful information about the logic involved
(b) uses appropriate mathematical or statistical procedures
(c) implements appropriate measures to enable correction of inaccuracies and minimise the risk of errors

Please remember to click the 'submit' option

EEZZ.ZT7
i 9 Rosot I Sr.ùmiÎ I tuidrbr mnp

fJJe:lllC:lUsers/oakesa/ AppData/Local/Microsoft/Windows/TemporaryYo2}Intemeto/o... 1210612017

 lvlooule z assessmenl rage I ot J

Your score is 4 out ol 17. Please see below for correct answers (remember
to click the'submit' option once you are finished:
*,
flç
Ql,Which of the following stalements about the right to rectification is incorrect;

(a) Data a right to have inaccurate data reclified

Data have a to data :t

where possible.

Q2,The right to obJect empowers the data subject to,",.

:
'4

Q3.ln whlch of these cases is the right to obþt absolute?

(a) \Mere the,processing is based on legilimate interests.

(b) \lvhere the processing is for scientific, hlslorlcalr lesearch and statistical purposes.

',(

Q4.Which of the following statements ls false:

The right of data portabil¡ty.-,,.

(a)...allows data subjec'ts to obtain and reuse thelt data across different services.
(b) subjects to have thêir data transferred directly from one data controller to another"

Q5.The right to portability won't apply if;

(a) The data controller is a public authority

:ffiol
(c) The dâtâ involved is held on a manual filing system

Q6.ln which of these circumstances could a data subject exercise their rlght to be forgotten?

http s : //www, snaps urvey s. com/wh/siam/survey landin g/interviewer.asp L3/01/2017

 Module 2 assessment Page? of3

QT.True of false: The right to be forgotten is an absolute right.

(a) True
ffiFæ
Q8.\Mere the data subject has excersed their ilght to be forgotten and the data controller operates in an onllne
environment in which it makes personal data public (e.9. a sociel networking site), then that data c-onûoller must inform
other organisations who are processing the data in question so they can......

record the data subject's obJections

Q9.Complete the stalement;

lf the data subjecf has exercised their right to reslriction then the datà controller...

(a),,,,must erase the data undue delay

lhe circumstances

Q10.1¡1/hich of lhese statements about the right to restridion are conect;

to cause damage and distress.

their right to the courts.
The right to restrlction is an absolute right.

Q1 l.Under the GDPR a dala controller receiving a SAR may ask the data subþct for;

A Ê10 fee
cosls.

in staff time of locating information

Ql2.Under the GDPR, a data controller must respond to a SARi

(a) Within 40 calendar days

(b) Wthin 28 calendar days
þF:liïltLiln'ãi obtfr.rr
(d) Wthin 21 working days

t ' ',

Q13,Irue or false, under the GDPR a data conlroller may refuse a subject açÆess request that is excessive in naturre

tñ¡,.Tfüg ';r;

https //www. snapsurveys. com/wf/siam/survey landing/intewi ewer. asp

: 13t0112017
 lvlogule ¿ assessment rage J 01 J

(b) False

Q14.Where a data controller has made an automated decísion, the GDPR gives thê data subJect a right to,,

Q15.1 /hich of these statements ls correct;

The right to restrict automaled procesaing doesn't apply i1,,,

processing is hislorical, research or statistical purposes

Q16.True or false. The GDPR obliges data controllers to provide a wider range of fair procoesing information than is
required by the DPA.

Ql7.!Vhere a data cantroller is wriling privacy notices aimed at children it should take parlicular care to..^

(a) use easy to roâd fonts

(b) provide a glossary of lerms
..use tick boxes lnstead

Please remember to click the 'submit' option

, (!,J,*s,¡ i:r *ft*;lt'

https ://www. snapsurvey s. com/wh/siam/surveylandingiinterviewer. asp t3/01/2at7

 MO(IUIC J aSSCSSmgnt rage t or ¿

Your score is 4 out oI 11. Please see below for correct answers ( remember
,,,+l
to click'submit'once you are finisheÇ):
*.
d

Ql,Which of tha following statements is false;

A data controller must appoint a data protection oflicer if...

..it is a

(d) ...¡t carries out regular and systematic large scale monitoring of dâta subjects

Q2.True or false - a group of companies or public authorities may appoint a single data protection officer to represent
them all

ftrffi
(b) False

Q3.The GDPR states thât the data,protection officer should;

an

piolect¡on qualification

r!

Q4.True or false. The requirement to ma¡nta¡n records of processíng is obligatory for organisations that employ 250 staff
or more,

{Þ)jl"618ê,

Q5.$Miich of the following statements are correct;

The requirement lo maintain records on processing will apply to an organisation with less lhan 250 employees if.,,

processes very

Q6.Under lhe GDPR, a data controller must carry out a data protect¡on impact assessment if...;

,""it is carrying profiling

"-, it ís a public authority act¡ng in the course of its public functions

https ://www. snapsurveys. com/wh/siamlsurveylanding/interviewer. asp t3l0v20t7

 Module 3 assessment Page2 of2

Q7.The GDPR says that an data protection impac't assessment will be particularly required if the processing. ".

QS.True of false -under the GDPR it is mandatory for data controllers to implement measures to show that they have
considered and integrated data protection into their processing activities.

ffi
(n)False'

Q9;lûJttich of these stalemenls ere correct;

The advantage of signing up lo a certification scheme or code of conduct is that the data controller/processor

Qlû.Adh¡tqftæ tOq. oodÞt rif,cöndUot,r,r¡ill bç,môñltored by;.

it

authoñg

Ql l.Certification can be issuad and wlthdrawn by;

(a) the certificalion body

(b) the supervlsory aulhority
ffi
Please remember to click the 'submit' option
Ili*ir* ]*lJ".lï*ï

{ $n,å*i, .{ *'*fS" s$"q#dv {*l$t}

https //www,snapsurveys, com/wh"/si amlsurveylanding/interviewer. asp

: 13l0v20t7
 tvloqure + ässessrncnt rag,€ r ()r ¿

Your score is 2 out of 8. Please see below for correct answers (remember
to click'submit'once you are finished):
Ql,True or false: Under the GDPR, data controllers must report every data protecti* breach to the ,uo"t,roryt'*
authority

ffi
(a) True

Q2.The data controller will be required to notlff the data subjects of the breach if the incident.. .;

...involved being released into lhe public domaln

Q3.The GDPR states that data controllers must implement appropriate technical and organisalional measures to,..

Q4;1#fiich of the following statements about the GDPR's impac{,on data processors ar€ true.

processors

QS.True or false, A data processor cannot employ another data prooessor n ithout the data controller's written consenl.

1þ) 'F',*ls$

Q6.ln the event of a data protection breach by the data processor, that processor must notit;

(a) the supervisory authority

ffi
(¿) the deta subjects

Q7.The maximum adminíslrative fine lhan can be issued undor the GDPR is;

5 million euros or 1% of worldwide turnover

15 million euros or 3% of worldwide turnover

eutos

https :i/www.snapsurveys, com/wh/siam/surveylanding/interviewer. asp t3101120r7

 Module 4 assessment Page2 of2

QS.Which of thE followlng statements about the GDPR admlnlstratlve fne scheme are correct;

admlnlstratlve can be issued

Please remember to click the 'submit' option

_t

ffi'
Ë
¡l*a ¡t

:'

https //www. snapsurveys. com/wh/siam/surveylanding/interviewer.asp ß/ay20t7