Personal Data Quiz

Questions and Answers

What does personal data refer to?

• Only sensitive information such as medical records and religious beliefs
• Data that is publicly available on the internet
• Data collected from government databases
• Any information that relates to an identified or identifiable individual (correct)

Which of the following is an example of personal data?

• Name and address (correct)
• Publicly available company information
• Business contact information
• Anonymous survey responses

In the context of personal data, what does 'identifiable individual' mean?

• A person who can be directly or indirectly identified (correct)
• A person who has a unique name
• A person with a specific occupation
• A person with a high social media presence

What is personal data?

Data that can identify an individual directly or indirectly (C)

In a healthcare setting, a hospital that stores patient records and decides how to use the data is an example of:

A data controller (A)

Which of the following data is considered personal data under data protection regulations?

An employee's work email address (B)

What is the primary purpose of pseudonymisation in data protection?

To make it more difficult to identify individuals without additional information (C)

In the context of data protection, what is the difference between anonymised data and pseudonymized?

Pseudonymized data retains the possibility of reidentification, while anonymised data does not. (B)

In a complex supply chain scenario, who would typically be considered the data controller regarding the personal data of customers who purchase a product?

The logistics company delivering the product (C)

In a healthcare ecosystem where electronic health records (EHRs) are shared among multiple providers, who is often regarded as the data controller for patient data?

The healthcare system or hospital (C)

In a data-sharing partnership between a social media platform and a third-party analytics company, who is generally considered the data controller for the data?

The social media platform (A)

Flashcards

Personal data definition

Information about a specific person that can be used to identify them directly or indirectly.

Identifiable individual

A person who can be recognized directly or indirectly from the data.

Data controller

An entity that decides how personal data is collected and used.

Example of Personal Data

Name, address, email, or other info linking to a person.

Pseudonymisation purpose

Making data harder to link to a specific person without extra info.

Anonymised vs. Pseudonymized data

Anonymised data can't be traced back, pseudonymized data can still be connected.

Data controller in a supply chain

The company handling data about customers in a supply chain.

Data controller (healthcare)

The organization storing and managing patient health records.

Social media/3rd party data controller

The main social media platform is responsible when sharing with a 3rd party.

Work email as personal data

An employee's work email address is considered personal data in many regulations.

Hospital data controller

A hospital is the data controller within the healthcare system when handling patient data.

Study Notes

Personal Data

• Personal data refers to information related to an identified or identifiable individual.

Identifiable Individual

• An identifiable individual is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or other factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

Examples of Personal Data

• Patient records in a healthcare setting are an example of personal data.
• Personal data includes data that can be used to identify an individual, such as name, address, phone number, or financial information.

Data Controllers

• In a healthcare setting, the hospital that stores patient records and decides how to use the data is an example of a data controller.
• In a complex supply chain scenario, the manufacturer or seller of a product is typically considered the data controller regarding the personal data of customers who purchase the product.
• In a healthcare ecosystem where electronic health records (EHRs) are shared among multiple providers, the healthcare provider or hospital is often regarded as the data controller for patient data.
• In a data-sharing partnership between a social media platform and a third-party analytics company, the social media platform is generally considered the data controller for the data.

Data Protection Regulations

• Personal data under data protection regulations includes data that can be used to identify an individual, such as name, address, phone number, or financial information.

Pseudonymisation and Anonymisation

• The primary purpose of pseudonymisation in data protection is to reduce the risk of compromising the privacy of individuals.
• Pseudonymised data is data that can be attributed to an individual using additional information, whereas anonymised data cannot be attributed to an individual even with additional information.