Personal Data Quiz

Questions and Answers

What does personal data refer to?

Any information that relates to an identified or identifiable individual

Which of the following is an example of personal data?

Name and address

In the context of personal data, what does 'identifiable individual' mean?

A person who can be directly or indirectly identified

What is personal data?

Data that can identify an individual directly or indirectly

In a healthcare setting, a hospital that stores patient records and decides how to use the data is an example of:

A data controller

Which of the following data is considered personal data under data protection regulations?

An employee's work email address

What is the primary purpose of pseudonymisation in data protection?

To make it more difficult to identify individuals without additional information

In the context of data protection, what is the difference between anonymised data and pseudonymized?

Pseudonymized data retains the possibility of reidentification, while anonymised data does not.

In a complex supply chain scenario, who would typically be considered the data controller regarding the personal data of customers who purchase a product?

The logistics company delivering the product

In a healthcare ecosystem where electronic health records (EHRs) are shared among multiple providers, who is often regarded as the data controller for patient data?

The healthcare system or hospital

In a data-sharing partnership between a social media platform and a third-party analytics company, who is generally considered the data controller for the data?

The social media platform

Study Notes

Personal Data

• Personal data refers to information related to an identified or identifiable individual.

Identifiable Individual

• An identifiable individual is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or other factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

Examples of Personal Data

• Patient records in a healthcare setting are an example of personal data.
• Personal data includes data that can be used to identify an individual, such as name, address, phone number, or financial information.

Data Controllers

• In a healthcare setting, the hospital that stores patient records and decides how to use the data is an example of a data controller.
• In a complex supply chain scenario, the manufacturer or seller of a product is typically considered the data controller regarding the personal data of customers who purchase the product.
• In a healthcare ecosystem where electronic health records (EHRs) are shared among multiple providers, the healthcare provider or hospital is often regarded as the data controller for patient data.
• In a data-sharing partnership between a social media platform and a third-party analytics company, the social media platform is generally considered the data controller for the data.

Data Protection Regulations

• Personal data under data protection regulations includes data that can be used to identify an individual, such as name, address, phone number, or financial information.

Pseudonymisation and Anonymisation

• The primary purpose of pseudonymisation in data protection is to reduce the risk of compromising the privacy of individuals.
• Pseudonymised data is data that can be attributed to an individual using additional information, whereas anonymised data cannot be attributed to an individual even with additional information.