2023 - The General Data Protection Regulation (GDPR) Test

Questions and Answers

When did the General Data Protection Regulation (GDPR) come into force?

• May 2016 (correct)
• May 2022
• May 2018
• May 2020

What does the GDPR require in terms of personal data?

• It should be purchased lawfully (correct)
• It should be kept for as long as possible
• It should be collected for any purposes
• It should be processed in any manner

What is the role of the European Data Protection Board under the GDPR?

• To monitor data processors
• To manage data subject access requests
• To enforce fines for breaches
• To issue opinions and guidance (correct)

What are the potential fines for breaches of the GDPR?

4% of annual turnover or €20 million (D)

Which legislation is currently in effect for data protection in the EU?

The Data Protection Directive of 1995 (C)

What is the main change regarding accountability under the GDPR?

Data controllers must maintain a written record of their data protection activities (D)

What are the enhanced rights for data subjects under the GDPR?

All of the above (D)

What is the role of the European Data Protection Board under the GDPR?

To issue opinions and guidance to ensure the consistent application of GDPR (C)

What is the new requirement for notifying breaches under the GDPR?

Notify the relevant Data Protection Authority 'without undue delay' (C)

What is one of the key principles of data protection legislation and good practice?

Processing personal information only for legitimate organisational purposes (C)

Study Notes

GDPR Overview

• The General Data Protection Regulation (GDPR) came into force on May 25, 2018.

Personal Data Requirements

• GDPR requires that personal data be processed lawfully, fairly, and transparently; collected for specific, explicit, and legitimate purposes; and be adequate, relevant, and limited to what is necessary.

European Data Protection Board

• The European Data Protection Board (EDPB) is responsible for ensuring consistent application of the GDPR across the EU, issuing guidelines and recommendations, and promoting cooperation among supervisory authorities.

Fines for Breaches

• The GDPR imposes fines of up to €20 million or 4% of a company's global annual turnover for breaches, whichever is greater.

Current Data Protection Legislation

• The GDPR is currently in effect for data protection in the EU.

Accountability

• The GDPR introduces a new principle of accountability, which requires organizations to demonstrate compliance with the regulation, including implementing appropriate technical and organizational measures.

Enhanced Rights for Data Subjects

• Under the GDPR, data subjects have enhanced rights, including the right to be informed, access, rectification, erasure, restriction of processing, data portability, and objection to processing.

Notifying Breaches

• The GDPR introduces a new requirement for notifying breaches to the supervisory authority within 72 hours of becoming aware of the breach, and to the affected data subjects without undue delay.

Key Principles of Data Protection

• One of the key principles of data protection legislation and good practice is that personal data should be processed lawfully, fairly, and transparently.