Wednesday, 25 October 2017

6 GDPR Exam Questions - Test and Practice Your Knowledge

GDPR Exam Practice Questions
Up to 67% of IT professionals in UK businesses are unprepared for General Data Protection Regulation (GDPR) coming into effect on 25th May 2018, revealed Spiceworks’ “IT data Snapshot” survey.

What is GDPR?


GDPR builds on the current Data Protection Act (DPA), extending the right of the individual and forcing organisations to adhere to clear policies and procedures that protect EU citizens’ data.

The new regulations will affect all aspects of your business – this includes how IT security teams safely store this data and effectively re-engineer breech detection.

Plus, a lack of compliance with the GDPR can lead to severe fines.

How will it affect my business?


Any business that stores EU citizens’ data, regardless of whether or not they’re in the EU, will be affected by GDPR.

Check this blog post on the 6 things you need to know about GDPR to understand how your business is affected by GDPR and how to plan for it.

To help you prepare for your GDPR Practitioner exam and to give you an idea of the complexities of the new GDPR regulations, we’ve included 4 official exam practice questions that could be included on our official GDPR Practitioner course:


1. Which of the following controller/processing scenarios in principle CAN use the Public Interest legal basis?

A. A vehicle licensing agency selling owner names and contact details to the private sector in exchange for money

B. A company director credit checking agency republishing the contents of a Mandatory Public Register of directors which is already in the public domain publishing the names and addresses of directors on the internet

C. A registered and regulated charity receiving information from any public sector body as part of a lawful Data Sharing Agreement

D. None of the above


2. Where the data subject is a child, what steps must controllers take in respect of consent, within the constraints of available technology?

A. Controllers must make best efforts to verify the consent

B. Controllers must make reasonable efforts to verify the consent

C. Controllers must make best efforts to request the consent in clear and plain language, in the context of the age of the child

D. Controllers must make reasonable efforts to request the consent in clear and plain language, in the context of the age of the child


3. "While implementing certain data subject rights the controller is NOT obliged by Article 19 to inform each third party recipient of the personal data" For which of the following rights is that statement TRUE?

A. "Non-profiling" under Article 22

B. B. Rectification under Article 16

C. Erasure / "right to be forgotten" under Article 17

D. Restriction under Article 18


4. For purposes of a data protection impact assessment, when must the controller seek the views of data subjects or their representatives on the intended processing?

A. Always

B. Never

C. When appropriate

D. When the supervisory authority requests it


5. Regarding data subjects protected by the GDPR, which of the following statements is true? 

A. The GDPR protects only people who are physically located in the EU 

B. The GDPR protects only EU citizens
 
C. The GDPR protects only EU residents 

D. The GDPR protects only EU domiciliaries


6. In respect of non-profit representation of data subjects, which of the following statements is FALSE?

A. For a not-for-profit body, organisation to execute a mandate on behalf of a data subject, it must have been properly constituted in accordance with the law of a Member State. 

B. Member State laws may provide that not-for-profit bodies may bring complaints under Articles 77, 78, and 79 in the absence of mandates from affected data subjects. 

C. Any data subject has the right to mandate any not-for-profit body, organisation or association to exercise the rights referred to in Articles 77, 78 and 79 on his or her behalf, and to exercise the right to receive compensation referred to in Article 82 on his or her behalf. 

D. Unless a Member State's laws facilitate it, a not-for-profit body cannot exercise the right to receive compensation referred to in Article 82 on a data subject's behalf.

How did you do?

Highlight the text to see the answers:

1. D

2. B

3. A

4. C

5. A

6. C


Whether or not you got the answers right, upskill your team and prepare your business in time with Firebrand’s accelerated 3-day GDPR Practitioner Certification - built by a former Data Manager and Solicitor of the Supreme Courts of England and Wales.