[02/Magdalena/03]

Questions and Answers

Which of the following is considered personal data under the GDPR?

• Business financial records
• Social media posts (correct)
• Anonymous website browsing history
• Publicly available phone directory

What is the main objective of the GDPR?

• To prevent the collection of personal data
• To protect businesses from data breaches
• To give control over personal data to citizens and residents (correct)
• To promote international data sharing

Which of the following is not considered personal data under the GDPR?

• IP address
• Date of birth
• Email address
• Business contact information (correct)

True or false: The GDPR aims to give control back to citizens and residents over their personal data.

True (A)

True or false: Personal data under the GDPR includes information such as name, address, date of birth, email address, phone number, and IP address.

True (A)

True or false: The GDPR only applies to European citizens and residents.

False (B)

Match the following terms with their definitions as per the GDPR:

Personal data = Any information that relates to an identified or identifiable natural person Data controller = The entity that determines the purposes, conditions, and means of the processing of personal data Data processor = The entity that processes personal data on behalf of the data controller Data subject = The individual to whom the personal data relates

Match the following scenarios with the correct GDPR requirement:

A company collects personal data from its customers = Ensure that the data subjects provide their consent for processing their data A company experiences a data breach = Notify the relevant supervisory authority within 72 hours of becoming aware of the breach A company wants to transfer personal data to a third country = Ensure that the data transfer is done in compliance with the GDPR A company wants to process personal data of a child = Obtain parental consent for the processing of personal data of a child under the age of 16

Match the following GDPR rights with their descriptions:

Right to be forgotten = The right to have personal data erased and to prevent its further dissemination Right to data portability = The right to receive personal data in a structured, commonly used, and machine-readable format Right to access = The right to obtain confirmation as to whether or not personal data concerning the data subject is being processed Right to restriction of processing = The right to limit the processing of personal data in certain circumstances

Match the following GDPR requirements with their descriptions:

Transparency = Organizations must be transparent with individuals about how their personal data is being collected and used. Lawfulness = Organizations must have a lawful basis for processing personal data. Fairness and accountability = Organizations must process personal data in a fair and accountable manner. Data Protection Directive = The directive that the GDPR replaced in 2018.

Match the following terms with their definitions as per the GDPR:

Personal data = Any information that relates to an identified or identifiable natural person. GDPR = The General Data Protection Regulation, a regulation in EU law on data protection and privacy. EU = The European Union, one of the regions covered by the GDPR. EEA = The European Economic Area, another region covered by the GDPR.

Match the following entities with their coverage under the GDPR:

EU organization = An organization established in the EU that processes personal data of EU residents. Non-EU organization = An organization established outside of the EU but offers goods or services to EU residents or monitors their behavior within the EU. EU resident = A person whose personal data is protected by the GDPR. Data Protection Directive = The directive that the GDPR replaced in 2018.

Match the following terms with their definitions as per the GDPR:

Personal data = Any information that relates to an identified or identifiable natural person. GDPR = The General Data Protection Regulation, a regulation in EU law on data protection and privacy. EU = The European Union, one of the regions covered by the GDPR. EEA = The European Economic Area, another region covered by the GDPR.

Match the following entities with their coverage under the GDPR:

EU organization = An organization established in the EU that processes personal data of EU residents. Non-EU organization = An organization established outside of the EU but offers goods or services to EU residents or monitors their behavior within the EU. EU resident = A person whose personal data is protected by the GDPR. Data Protection Directive = The directive that the GDPR replaced in 2018.

Match the following terms with their definitions as per the GDPR:

Personal data = Any information that relates to an identified or identifiable natural person. GDPR = The General Data Protection Regulation, a regulation in EU law on data protection and privacy. EU = The European Union, one of the regions covered by the GDPR. EEA = The European Economic Area, another region covered by the GDPR.

Match the following entities with their coverage under the GDPR:

EU organization = An organization established in the EU that processes personal data of EU residents. Non-EU organization = An organization established outside of the EU but offers goods or services to EU residents or monitors their behavior within the EU. EU resident = A person whose personal data is protected by the GDPR. Data Protection Directive = The directive that the GDPR replaced in 2018.

Match the following terms with their definitions as per the GDPR:

Personal data = Any information that relates to an identified or identifiable natural person. GDPR = The General Data Protection Regulation, a regulation in EU law on data protection and privacy. EU = The European Union, one of the regions covered by the GDPR. EEA = The European Economic Area, another region covered by the GDPR.

Match the following entities with their coverage under the GDPR:

EU organization = An organization established in the EU that processes personal data of EU residents. Non-EU organization = An organization established outside of the EU but offers goods or services to EU residents or monitors their behavior within the EU. EU resident = A person whose personal data is protected by the GDPR. Data Protection Directive = The directive that the GDPR replaced in 2018.

Match the following terms with their definitions as per the GDPR:

Personal data = Any information that relates to an identified or identifiable natural person. GDPR = The General Data Protection Regulation, a regulation in EU law on data protection and privacy. EU = The European Union, one of the regions covered by the GDPR. EEA = The European Economic Area, another region covered by the GDPR.

Match the following GDPR rights with their descriptions:

Right to access = Individuals have the right to obtain confirmation from the data controller as to whether or not their personal data is being processed Right to erasure = Also known as the 'right to be forgotten', individuals have the right to have their personal data erased Right to object = Individuals have the right to object to the processing of their personal data in certain circumstances Consent = In some cases, organizations will need to obtain this from individuals before processing their personal data

Match the following GDPR requirements with their descriptions:

Data audit = This process is used to identify all of the personal data that an organization processes Data Protection Officer (DPO) = Organizations that process large amounts of personal data or that process sensitive personal data may be required to appoint this person Data transfers = Organizations can only transfer personal data outside of the EU to countries that have been deemed to have adequate data protection laws in place Fines = Organizations that violate GDPR can face significant fines, up to 4% of their global annual turnover or €20 million, whichever is greater

Match the following GDPR terms with their definitions:

Personal data = Any information relating to an identified or identifiable natural person Processing = Any operation or set of operations which is performed on personal data Data subject = The identified or identifiable natural person to whom the personal data relates Data controller = The natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data

Match the following GDPR considerations with their descriptions:

Consent = In some cases, organizations will need to obtain this from individuals before processing their personal data Data transfers = Organizations can only transfer personal data outside of the EU to countries that have been deemed to have adequate data protection laws in place Data Protection Officer (DPO) = Organizations that process large amounts of personal data or that process sensitive personal data may be required to appoint a DPO Fines = Organizations that violate GDPR can face significant fines, up to 4% of their global annual turnover or €20 million, whichever is greater

Match the following GDPR actions with their descriptions:

Data audit = This action is used to identify all of the personal data that an organization processes Implement policies and procedures = This action ensures that personal data is processed in accordance with GDPR requirements Train employees = This action is done to educate employees on GDPR compliance Respond to data breaches = This action involves having a plan in place for handling data breaches

Match the following GDPR consequences with their descriptions:

Fines = Organizations that violate GDPR can face significant fines, up to 4% of their global annual turnover or €20 million, whichever is greater Reputation damage = Violating GDPR can lead to this consequence, which can negatively impact an organization Loss of customer trust = Violating GDPR can lead to this consequence, as individuals may no longer trust an organization with their personal data Legal action = Individuals or groups affected by a GDPR violation may take this action against the violating organization

Match the following GDPR concepts with their descriptions:

Personal data = Any information relating to an identified or identifiable natural person Processing = Any operation or set of operations which is performed on personal data Data subject = The identified or identifiable natural person to whom the personal data relates Data controller = The natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data

Match the following GDPR requirements with their descriptions:

Data audit = This process is used to identify all of the personal data that an organization processes Data Protection Officer (DPO) = Organizations that process large amounts of personal data or that process sensitive personal data may be required to appoint this person Data transfers = Organizations can only transfer personal data outside of the EU to countries that have been deemed to have adequate data protection laws in place Fines = Organizations that violate GDPR can face significant fines, up to 4% of their global annual turnover or €20 million, whichever is greater

Match the following GDPR terms with their definitions:

Personal data = Any information relating to an identified or identifiable natural person Processing = Any operation or set of operations which is performed on personal data Data subject = The identified or identifiable natural person to whom the personal data relates Data controller = The natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data

Match the following GDPR considerations with their descriptions:

Consent = In some cases, organizations will need to obtain this from individuals before processing their personal data Data transfers = Organizations can only transfer personal data outside of the EU to countries that have been deemed to have adequate data protection laws in place Data Protection Officer (DPO) = Organizations that process large amounts of personal data or that process sensitive personal data may be required to appoint a DPO Fines = Organizations that violate GDPR can face significant fines, up to 4% of their global annual turnover or €20 million, whichever is greater

Which of the following is NOT considered personal data under the GDPR?

Favorite color (C)

True or false: The GDPR only applies to European citizens and residents.

False (B)

What is the main objective of the GDPR?

To give control back to citizens and residents over their personal data (A)

Which of the following is considered personal data under the GDPR?

Email address (D)

True or false: Personal data under the GDPR includes information such as name, address, date of birth, email address, phone number, and IP address.

True (B)

Which of the following is NOT a requirement for data processing under the GDPR?

Anonymity (D)

Which of the following entities is covered by the GDPR?

An organization located outside of the EU that offers goods or services to EU residents (D)

Which of the following GDPR requirements is related to being transparent with individuals about how their personal data is being collected and used?

Transparency (D)

Which of the following GDPR rights is related to giving individuals the right to access their personal data?

Right of access (D)

Which of the following GDPR consequences is related to fines for non-compliance?

Penalties (A)

Which of the following rights do individuals have under GDPR?

The right to access their personal data (C)

What are the potential consequences for organizations that violate GDPR?

A maximum fine of €20 million (C)

What is one way organizations can comply with GDPR data processing requirements?

Conduct a data audit (C)

In which cases do organizations need to obtain consent from individuals before processing their personal data?

Only when processing sensitive personal data (C)

What is the potential fine for organizations that violate GDPR?

4% of their global annual turnover (A)

What is the role of a Data Protection Officer (DPO) under GDPR?

To ensure compliance with GDPR requirements (D)

What is the main objective of GDPR?

To protect the privacy and security of personal data (C)

What is the maximum fine that organizations can face for violating GDPR?

4% of their global annual turnover (A)

What is one tip for complying with GDPR data processing requirements?

Train employees on GDPR compliance (B)

Under GDPR, organizations can only transfer personal data outside of the EU to countries that have:

Adequate data protection laws (A)

True or false: The GDPR aims to simplify the regulatory environment for international business by unifying the regulation within the EU.

True (A)

True or false: Personal data under the GDPR includes information such as name, address, date of birth, email address, phone number, and IP address.

True (A)

True or false: GDPR applies only to organizations established in the EU.

False (B)

True or false: Organizations that offer goods or services to EU residents are covered by GDPR, regardless of where they are located.

True (A)

True or false: GDPR requires organizations to be transparent with individuals about how their personal data is being collected and used.

True (A)

True or false: GDPR requires organizations to have a lawful basis for processing personal data.

True (A)

True or false: GDPR imposes accountability on organizations for processing personal data in a fair manner.

True (A)

True or false: GDPR only applies to European citizens and residents.

False (B)

True or false: GDPR gives individuals the right to access their personal data.

True (A)

True or false: Organizations that violate GDPR may face fines as a consequence.

True (A)

True or false: Organizations that violate GDPR can face fines of up to 4% of their global annual turnover or €20 million, whichever is greater.

True (A)

True or false: GDPR aims to give control back to citizens and residents over their personal data.

True (A)

True or false: Organizations can transfer personal data outside of the EU to any country without any restrictions.

False (B)

True or false: Organizations that process large amounts of personal data may be required to appoint a Data Protection Officer (DPO).

True (A)

True or false: Personal data under the GDPR includes information such as name, address, date of birth, email address, phone number, and IP address.

True (A)

True or false: Consent is not required for processing personal data under the GDPR.

False (B)

True or false: GDPR data processing requirements are simple and easy to comply with.

False (B)

True or false: Organizations do not need to have a plan in place for responding to data breaches under the GDPR.

False (B)

True or false: GDPR only applies to organizations based in the European Union.

False (B)

True or false: GDPR only applies to personal data of European citizens and residents.

True (A)

Flashcards are hidden until you start studying