DPO Test Questions Tem PDF

Chat with Document Download

Document Details

AdoredForsythia

Uploaded by AdoredForsythia

Tags

data protection data privacy data protection officer NDPA

Related

Summary

This document contains 15 multiple-choice questions, focusing on Module 1 of a Data Protection Officer (DPO) certification exam for data protection and privacy in 2023, and is a good resource for self-study. The questions cover various data protection principles, including accountability, transparency, and data limitation from the perspective of the NDPA (likely National Data Protection Agency, for a specific country, given the document).

Full Transcript

Module 1: Introduction to Data Protection and Privacy ===================================================== Here is a set of **15 multiple-choice questions** based exclusively on **Module 1: Introduction to Data Protection and Privacy** for Data Protection Officers (DPOs) certification. Each questi...

Module 1: Introduction to Data Protection and Privacy ===================================================== Here is a set of **15 multiple-choice questions** based exclusively on **Module 1: Introduction to Data Protection and Privacy** for Data Protection Officers (DPOs) certification. Each question includes the correct answer and a short explanation. +-------------+-------------+-------------+-------------+-------------+ | [\#]{.under | [Question]{ | [Options]{. | [Answer]{.u | [Explanatio | | line} |.underline} | underline} | nderline} | n]{.underli | | | | | | ne} | +=============+=============+=============+=============+=============+ | 1 | What is the | **A.** To | **B** | The NDPA | | | primary | regulate | | aims to | | | objective | internet | | safeguard | | | of the NDPA | usage | | individuals | | | 2023? | | | \' | | | | **B.** To | | personal | | | | protect | | data and | | | | personal | | ensure | | | | data and | | their | | | | privacy | | privacy | | | | rights | | rights are | | | | | | respected. | | | | **C.** To | | | | | | monitor | | | | | | organisatio | | | | | | nal | | | | | | marketing | | | | | | strategies | | | | | | | | | | | | **D.** To | | | | | | limit data | | | | | | collection | | | | | | practices | | | +-------------+-------------+-------------+-------------+-------------+ | 2 | What does | **A.** Any | **B** | Personal | | | \"personal | data stored | | data refers | | | data\" mean | in digital | | to any | | | under the | format | | information | | | NDPA? | | | relating to | | | | **B.** Data | | an | | | | about an | | identified | | | | identifiabl | | or | | | | e | | identifiabl | | | | individual | | e | | | | | | natural | | | | **C.** | | person. | | | | Anonymous | | | | | | research | | | | | | data | | | | | | | | | | | | **D.** | | | | | | Organisatio | | | | | | nal | | | | | | financial | | | | | | records | | | +-------------+-------------+-------------+-------------+-------------+ | 3 | Which | **A.** | **C** | The NDPC is | | | entity | Central | | the | | | regulates | Bank of | | regulatory | | | data | Nigeria | | body | | | protection | (CBN) | | established | | | compliance | | | to oversee | | | in Nigeria? | **B.** | | the | | | | Nigeria | | enforcement | | | | Communicati | | of the | | | | ons | | NDPA. | | | | Commission | | | | | | (NCC) | | | | | | | | | | | | **C.** | | | | | | Nigeria | | | | | | Data | | | | | | Protection | | | | | | Commission | | | | | | (NDPC) | | | | | | | | | | | | **D.** | | | | | | National | | | | | | Bureau of | | | | | | Statistics | | | | | | (NBS) | | | +-------------+-------------+-------------+-------------+-------------+ | 4 | Which of | **A.** Data | **B** | Purpose | | | the | retention | | limitation | | | following | without | | ensures | | | is a | time limits | | data is | | | principle | | | collected | | | of data | **B.** | | and used | | | protection? | Purpose | | for | | | | limitation | | specific, | | | | | | legitimate | | | | **C.** | | purposes | | | | Unlimited | | only. | | | | data | | | | | | sharing | | | | | | | | | | | | **D.** Data | | | | | | monetisatio | | | | | | n | | | +-------------+-------------+-------------+-------------+-------------+ | 5 | What does | **A.** Data | **B** | Transparenc | | | the | must be | | y | | | principle | accessible | | requires | | | of | to the | | organisatio | | | transparenc | general | | ns | | | y | public | | to inform | | | entail? | | | data | | | | **B.** | | subjects | | | | Organisatio | | about how | | | | ns | | their | | | | must inform | | personal | | | | individuals | | data is | | | | about data | | processed. | | | | use | | | | | | | | | | | | **C.** | | | | | | Organisatio | | | | | | ns | | | | | | must share | | | | | | all | | | | | | internal | | | | | | policies | | | | | | | | | | | | **D.** Data | | | | | | must be | | | | | | openly | | | | | | shared | | | | | | across | | | | | | departments | | | +-------------+-------------+-------------+-------------+-------------+ | 6 | Which of | **A.** | **D** | Organisatio | | | the | Consent | | nal | | | following | | | discretion | | | is NOT a | **B.** | | is not a | | | lawful | Contractual | | lawful | | | basis for | necessity | | basis under | | | processing | | | the NDPA. | | | personal | **C.** | | | | | data? | Vital | | | | | | interests | | | | | | of the data | | | | | | subject | | | | | | | | | | | | **D.** | | | | | | Organisatio | | | | | | nal | | | | | | discretion | | | +-------------+-------------+-------------+-------------+-------------+ | 7 | What is the | **A.** Data | **B** | Accountabil | | | principle | controllers | | ity | | | of | must ensure | | requires | | | accountabil | security | | organisatio | | | ity? | software is | | ns | | | | used | | to | | | | | | demonstrate | | | | **B.** | | compliance | | | | Organisatio | | with the | | | | ns | | NDPA's | | | | are | | principles. | | | | responsible | | | | | | for | | | | | | compliance | | | | | | with data | | | | | | protection | | | | | | laws | | | | | | | | | | | | **C.** Data | | | | | | subjects | | | | | | are | | | | | | responsible | | | | | | for | | | | | | protecting | | | | | | their data | | | | | | | | | | | | **D.** | | | | | | Governments | | | | | | must | | | | | | monitor | | | | | | data | | | | | | processing | | | | | | practices | | | +-------------+-------------+-------------+-------------+-------------+ | 8 | What is the | **A.** | **B** | Sensitive | | | lawful | Organisatio | | personal | | | basis for | nal | | data | | | processing | policies | | requires | | | sensitive | | | explicit | | | personal | **B.** | | consent | | | data? | Explicit | | unless | | | | consent | | another | | | | | | exception | | | | **C.** | | applies. | | | | Public | | | | | | availabilit | | | | | | y | | | | | | | | | | | | **D.** | | | | | | Automatic | | | | | | approval by | | | | | | the NDPC | | | +-------------+-------------+-------------+-------------+-------------+ | 9 | How does | **A.** The | **B** | Data | | | the NDPA | storage of | | processing | | | define | information | | includes | | | \"data | in cloud | | collecting, | | | processing\ | systems | | storing, | | | "? | | | accessing, | | | | **B.** Any | | transferrin | | | | operation | | g, | | | | performed | | or deleting | | | | on personal | | data. | | | | data | | | | | | | | | | | | **C.** | | | | | | Exclusively | | | | | | the | | | | | | deletion of | | | | | | outdated | | | | | | data | | | | | | | | | | | | **D.** | | | | | | Archiving | | | | | | data for | | | | | | regulatory | | | | | | purposes | | | +-------------+-------------+-------------+-------------+-------------+ | 10 | What does | **A.** | **A** | Data | | | the | Collecting | | minimisatio | | | principle | only the | | n | | | of data | data | | ensures | | | minimisatio | necessary | | that only | | | n | for a | | the data | | | require? | specific | | required | | | | purpose | | for | | | | | | processing | | | | **B.** | | purposes is | | | | Deleting | | collected | | | | all | | and stored. | | | | non-digital | | | | | | records | | | | | | | | | | | | **C.** | | | | | | Storing | | | | | | unlimited | | | | | | data for | | | | | | future use | | | | | | | | | | | | **D.** | | | | | | Sharing | | | | | | data across | | | | | | departments | | | | | | for | | | | | | efficiency | | | +-------------+-------------+-------------+-------------+-------------+ | 11 | What is the | **A.** To | **B** | The NDPC | | | role of the | provide | | oversees | | | NDPC under | funding to | | compliance | | | the NDPA? | data | | and | | | | controllers | | enforcement | | | | | | of the | | | | **B.** To | | NDPA. | | | | regulate | | | | | | and enforce | | | | | | data | | | | | | protection | | | | | | laws | | | | | | | | | | | | **C.** To | | | | | | manage | | | | | | organisatio | | | | | | nal | | | | | | marketing | | | | | | strategies | | | | | | | | | | | | **D.** To | | | | | | certify | | | | | | public | | | | | | sector | | | | | | agencies | | | +-------------+-------------+-------------+-------------+-------------+ | 12 | What is the | **A.** 13 | **C** | Under the | | | lawful age | years | | NDPA, | | | for giving | | | individuals | | | consent to | **B.** 16 | | aged 18 or | | | data | years | | above can | | | processing | | | legally | | | under the | **C.** 18 | | give | | | NDPA? | years | | consent for | | | | | | their data | | | | **D.** 21 | | to be | | | | years | | processed. | +-------------+-------------+-------------+-------------+-------------+ | 13 | What does | **A.** | **B** | Storage | | | the | Storing | | limitation | | | principle | data | | mandates | | | of storage | indefinitel | | that data | | | limitation | y | | is kept | | | require? | | | only for as | | | | **B.** | | long as it | | | | Retaining | | is needed | | | | data only | | for the | | | | as long as | | intended | | | | necessary | | purpose. | | | | for | | | | | | processing | | | | | | | | | | | | **C.** | | | | | | Archiving | | | | | | unused data | | | | | | for future | | | | | | use | | | | | | | | | | | | **D.** | | | | | | Encrypting | | | | | | all data | | | | | | stored in | | | | | | systems | | | +-------------+-------------+-------------+-------------+-------------+ | 14 | What is the | **A.** | **A** | DPIAs help | | | first step | Conducting | | organisatio | | | to ensure | a Data | | ns | | | compliance | Privacy | | identify | | | with the | Impact | | and | | | NDPA? | Assessment | | mitigate | | | | (DPIA) | | risks | | | | | | associated | | | | **B.** | | with data | | | | Hiring a | | processing | | | | marketing | | activities. | | | | agency | | | | | | | | | | | | **C.** | | | | | | Sharing | | | | | | personal | | | | | | data with | | | | | | external | | | | | | vendors | | | | | | | | | | | | **D.** | | | | | | Deleting | | | | | | old data | | | | | | records | | | +-------------+-------------+-------------+-------------+-------------+ | 15 | What | **A.** It | **B** | Non-complia | | | happens if | receives | | nce | | | an | warnings | | can result | | | organisatio | with no | | in | | | n | further | | regulatory | | | fails to | action | | action, | | | comply with | | | including | | | the NDPA? | **B.** It | | fines and | | | | may face | | other | | | | fines and | | penalties | | | | other | | imposed by | | | | penalties | | the NDPC. | | | | | | | | | | **C.** Its | | | | | | activities | | | | | | are | | | | | | automatical | | | | | | ly | | | | | | shut down | | | | | | | | | | | | **D.** Data | | | | | | subjects | | | | | | lose their | | | | | | rights | | | +-------------+-------------+-------------+-------------+-------------+ Module 2: Principles and Lawful Basis for Data Processing ========================================================= Here are **15 multiple-choice questions** exclusively based on **Module 2: Principles and Lawful Basis for Data Processing** for Data Protection Officers (DPOs) certification. Each question includes the correct answer and a short explanation. +-------------+-------------+-------------+-------------+-------------+ | [\#]{.under | [Question]{ | [Options]{. | [Answer]{.u | [Explanatio | | line} |.underline} | underline} | nderline} | n]{.underli | | | | | | ne} | +=============+=============+=============+=============+=============+ | 1 | Which of | **A.** Data | **B** | The | | | the | retention | | principle | | | following | without | | of | | | is a | limits | | lawfulness, | | | principle | | | fairness, | | | of data | **B.** | | and | | | processing | Lawfulness, | | transparenc | | | under the | fairness, | | y | | | NDPA? | and | | ensures | | | | transparenc | | personal | | | | y | | data is | | | | | | processed | | | | **C.** Data | | ethically | | | | sharing | | and with | | | | across | | awareness. | | | | departments | | | | | | | | | | | | **D.** | | | | | | Minimising | | | | | | compliance | | | | | | efforts | | | +-------------+-------------+-------------+-------------+-------------+ | 2 | What does | **A.** Data | **A** | Purpose | | | the | must be | | limitation | | | principle | processed | | ensures | | | of purpose | for a | | data is | | | limitation | specified, | | only used | | | require? | legitimate | | for the | | | | purpose | | purposes | | | | | | stated at | | | | **B.** Data | | the time of | | | | can be | | collection. | | | | repurposed | | | | | | without | | | | | | restriction | | | | | | | | | | | | **C.** | | | | | | Organisatio | | | | | | ns | | | | | | must limit | | | | | | the use of | | | | | | technology | | | | | | | | | | | | **D.** Data | | | | | | retention | | | | | | policies | | | | | | must be | | | | | | reviewed | | | | | | annually | | | +-------------+-------------+-------------+-------------+-------------+ | 3 | How does | **A.** | **A** | Data | | | the | Organisatio | | minimisatio | | | principle | ns | | n | | | of data | should | | ensures | | | minimisatio | collect | | only | | | n | only data | | necessary | | | apply? | necessary | | data is | | | | for their | | collected | | | | purpose | | to achieve | | | | | | the stated | | | | **B.** | | purpose. | | | | Organisatio | | | | | | ns | | | | | | should | | | | | | collect as | | | | | | much data | | | | | | as possible | | | | | | for future | | | | | | use | | | | | | | | | | | | **C.** | | | | | | Organisatio | | | | | | ns | | | | | | must delete | | | | | | all | | | | | | outdated | | | | | | data | | | | | | annually | | | | | | | | | | | | **D.** Data | | | | | | processing | | | | | | should be | | | | | | paused when | | | | | | resources | | | | | | are limited | | | +-------------+-------------+-------------+-------------+-------------+ | 4 | What is the | **A.** Data | **B** | The | | | principle | must be | | accuracy | | | of accuracy | collected | | principle | | | under the | from | | ensures | | | NDPA? | multiple | | personal | | | | sources | | data is | | | | | | correct and | | | | **B.** Data | | reflects | | | | must be | | current | | | | accurate | | information | | | | and kept up | |. | | | | to date | | | | | | | | | | | | **C.** | | | | | | Organisatio | | | | | | ns | | | | | | can rely on | | | | | | data | | | | | | provided by | | | | | | third | | | | | | parties | | | | | | without | | | | | | validation | | | | | | | | | | | | **D.** Data | | | | | | subjects | | | | | | must | | | | | | validate | | | | | | their own | | | | | | records | | | +-------------+-------------+-------------+-------------+-------------+ | 5 | What does | **A.** Data | **B** | Storage | | | the | can be | | limitation | | | principle | stored | | ensures | | | of storage | indefinitel | | data is not | | | limitation | y | | kept longer | | | mandate? | if | | than | | | | encrypted | | required | | | | | | for its | | | | **B.** Data | | intended | | | | must be | | use. | | | | stored only | | | | | | as long as | | | | | | necessary | | | | | | for the | | | | | | processing | | | | | | purpose | | | | | | | | | | | | **C.** Data | | | | | | should be | | | | | | archived | | | | | | for | | | | | | historical | | | | | | research | | | | | | | | | | | | **D.** | | | | | | Organisatio | | | | | | ns | | | | | | should | | | | | | limit the | | | | | | use of | | | | | | physical | | | | | | storage | | | +-------------+-------------+-------------+-------------+-------------+ | 6 | What is the | **A.** | **B** | This | | | principle | Processing | | principle | | | of | should | | ensures | | | integrity | prioritise | | that data | | | and | transparenc | | is secure | | | confidentia | y | | and | | | lity? | | | protected | | | | **B.** | | from | | | | Personal | | breaches or | | | | data must | | unauthorise | | | | be | | d | | | | protected | | access. | | | | against | | | | | | unauthorise | | | | | | d | | | | | | access and | | | | | | breaches | | | | | | | | | | | | **C.** Data | | | | | | controllers | | | | | | must inform | | | | | | the public | | | | | | about | | | | | | breaches | | | | | | immediately | | | | | | | | | | | | **D.** | | | | | | Organisatio | | | | | | ns | | | | | | can share | | | | | | data freely | | | | | | if | | | | | | encrypted | | | +-------------+-------------+-------------+-------------+-------------+ | 7 | Which of | **A.** | **D** | Organisatio | | | the | Consent | | nal | | | following | | | discretion | | | is NOT a | **B.** | | is not a | | | lawful | Compliance | | recognised | | | basis for | with a | | lawful | | | processing | legal | | basis under | | | personal | obligation | | the NDPA. | | | data? | | | | | | | **C.** | | | | | | Contractual | | | | | | necessity | | | | | | | | | | | | **D.** | | | | | | Organisatio | | | | | | nal | | | | | | discretion | | | +-------------+-------------+-------------+-------------+-------------+ | 8 | When can | **A.** For | **B** | Consent is | | | personal | marketing | | not | | | data be | purposes | | required if | | | processed | | | processing | | | without | **B.** To | | is | | | consent? | comply with | | necessary | | | | a legal | | to fulfil a | | | | obligation | | legal | | | | | | obligation. | | | | **C.** To | | | | | | develop new | | | | | | technologie | | | | | | s | | | | | | | | | | | | **D.** When | | | | | | the data | | | | | | subject is | | | | | | unavailable | | | +-------------+-------------+-------------+-------------+-------------+ | 9 | What does | **A.** That | **A** | Accountabil | | | the | organisatio | | ity | | | principle | ns | | ensures | | | of | comply with | | organisatio | | | accountabil | data | | ns | | | ity | protection | | take | | | require | laws and | | responsibil | | | from | demonstrate | | ity | | | organisatio | compliance | | for | | | ns? | | | compliance | | | | **B.** That | | and can | | | | organisatio | | demonstrate | | | | ns | | it to | | | | delegate | | regulators. | | | | data | | | | | | responsibil | | | | | | ities | | | | | | to external | | | | | | processors | | | | | | | | | | | | **C.** That | | | | | | data | | | | | | subjects | | | | | | are | | | | | | responsible | | | | | | for | | | | | | monitoring | | | | | | their data | | | | | | | | | | | | **D.** That | | | | | | regulators | | | | | | oversee all | | | | | | data | | | | | | processing | | | | | | activities | | | +-------------+-------------+-------------+-------------+-------------+ | 10 | What is the | **A.** | **A** | Sensitive | | | legal basis | Explicit | | personal | | | for | consent | | data | | | processing | | | requires | | | sensitive | **B.** | | explicit | | | personal | Standard | | consent, | | | data? | organisatio | | unless | | | | nal | | specific | | | | procedures | | exceptions | | | | | | apply. | | | | **C.** | | | | | | Verbal | | | | | | agreement | | | | | | from the | | | | | | data | | | | | | subject | | | | | | | | | | | | **D.** Data | | | | | | controller | | | | | | discretion | | | +-------------+-------------+-------------+-------------+-------------+ | 11 | How does | **A.** | **A** | Fairness | | | the | Processing | | ensures | | | principle | must be | | data | | | of fairness | unbiased | | subjects' | | | apply to | and | | rights and | | | data | respectful | | expectation | | | processing? | of data | | s | | | | subjects' | | are | | | | rights | | respected | | | | | | during | | | | **B.** | | processing. | | | | Processing | | | | | | must ensure | | | | | | maximum | | | | | | data | | | | | | collection | | | | | | | | | | | | **C.** | | | | | | Processing | | | | | | must | | | | | | prioritise | | | | | | organisatio | | | | | | nal | | | | | | objectives | | | | | | | | | | | | **D.** | | | | | | Processing | | | | | | must | | | | | | involve | | | | | | third-party | | | | | | validation | | | +-------------+-------------+-------------+-------------+-------------+ | 12 | What is the | **A.** | **A** | Processing | | | lawful | Protecting | | for vital | | | basis for | the health | | interests | | | processing | or safety | | applies | | | data for | of an | | when it is | | | vital | individual | | necessary | | | interests? | | | to protect | | | | **B.** | | an | | | | Enhancing | | individual' | | | | organisatio | | s | | | | nal | | life or | | | | productivit | | safety. | | | | y | | | | | | | | | | | | **C.** | | | | | | Conducting | | | | | | market | | | | | | analysis | | | | | | | | | | | | **D.** | | | | | | Gathering | | | | | | data for | | | | | | statistical | | | | | | purposes | | | +-------------+-------------+-------------+-------------+-------------+ | 13 | Which | **A.** | **B** | Transparenc | | | principle | Lawfulness | | y | | | requires | | | ensures | | | organisatio | **B.** | | organisatio | | | ns | Transparenc | | ns | | | to inform | y | | provide | | | data | | | clear | | | subjects | **C.** Data | | information | | | about | minimisatio | | to data | | | processing | n | | subjects | | | activities? | | | about how | | | | **D.** | | their data | | | | Purpose | | is | | | | limitation | | processed. | +-------------+-------------+-------------+-------------+-------------+ | 14 | How does | **A.** It | **A** | Processing | | | contractual | applies | | based on | | | necessity | when | | contractual | | | serve as a | processing | | necessity | | | lawful | is | | is lawful | | | basis? | necessary | | when it is | | | | for the | | essential | | | | performance | | for | | | | of a | | fulfilling | | | | contract | | contractual | | | | | | obligations | | | | **B.** It | |. | | | | applies to | | | | | | processing | | | | | | required | | | | | | for legal | | | | | | compliance | | | | | | | | | | | | **C.** It | | | | | | is used for | | | | | | processing | | | | | | sensitive | | | | | | data | | | | | | | | | | | | **D.** It | | | | | | allows | | | | | | processing | | | | | | of all | | | | | | employee | | | | | | data | | | +-------------+-------------+-------------+-------------+-------------+ | 15 | What is the | **A.** Data | **A** | Lawful | | | principle | must be | | processing | | | of lawful | processed | | requires | | | processing? | in | | adherence | | | | compliance | | to a legal | | | | with a | | basis, such | | | | lawful | | as consent | | | | basis | | or | | | | recognised | | compliance | | | | under the | | with a | | | | NDPA | | legal | | | | | | obligation. | | | | **B.** | | | | | | Organisatio | | | | | | ns | | | | | | must | | | | | | process | | | | | | data to | | | | | | meet their | | | | | | internal | | | | | | policies | | | | | | | | | | | | **C.** Data | | | | | | must be | | | | | | processed | | | | | | only by | | | | | | authorised | | | | | | personnel | | | | | | | | | | | | **D.** Data | | | | | | processing | | | | | | should | | | | | | prioritise | | | | | | legal cases | | | +-------------+-------------+-------------+-------------+-------------+ Module 3: Data Subjects' Rights =============================== Here is a complete list of **20 multiple-choice questions** based on **Module 3: Data Subjects' Rights** for Data Protection Officers (DPOs) certification. Each question includes the correct answer and a brief explanation. +-------------+-------------+-------------+-------------+-------------+ | [\#]{.under | [Question]{ | [Options]{. | [Answer]{.u | [Explanatio | | line} |.underline} | underline} | nderline} | n]{.underli | | | | | | ne} | +=============+=============+=============+=============+=============+ | 1 | What is the | **A.** The | **B** | The right | | | right to | right to | | to access | | | access? | modify | | allows data | | | | organisatio | | subjects to | | | | nal | | know if | | | | records | | their | | | | | | personal | | | | **B.** The | | data is | | | | right to | | being | | | | obtain | | processed | | | | information | | and to | | | | about | | obtain | | | | personal | | details | | | | data being | | about it. | | | | processed | | | | | | | | | | | | **C.** The | | | | | | right to | | | | | | delete all | | | | | | organisatio | | | | | | nal | | | | | | data | | | | | | | | | | | | **D.** The | | | | | | right to | | | | | | transfer | | | | | | personal | | | | | | data | | | | | | between | | | | | | organisatio | | | | | | ns | | | +-------------+-------------+-------------+-------------+-------------+ | 2 | How must | **A.** | **B** | Data | | | data | Within 72 | | controllers | | | controllers | hours | | must | | | respond to | | | respond to | | | access | **B.** | | data | | | requests? | Within 30 | | subject | | | | days | | access | | | | | | requests | | | | **C.** | | within 30 | | | | Within 90 | | days as per | | | | days | | the NDPA. | | | | | | | | | | **D.** Only | | | | | | after NDPC | | | | | | approval | | | +-------------+-------------+-------------+-------------+-------------+ | 3 | What does | **A.** Data | **B** | The right | | | the right | controllers | | to | | | to | can freely | | rectificati | | | rectificati | modify data | | on | | | on | | | ensures | | | ensure? | **B.** Data | | that data | | | | subjects | | subjects | | | | can correct | | can request | | | | inaccurate | | corrections | | | | or | | to | | | | incomplete | | inaccuracie | | | | personal | | s | | | | data | | in their | | | | | | data. | | | | **C.** Data | | | | | | must be | | | | | | stored | | | | | | indefinitel | | | | | | y | | | | | | | | | | | | **D.** Data | | | | | | subjects | | | | | | can approve | | | | | | new data | | | | | | entries | | | +-------------+-------------+-------------+-------------+-------------+ | 4 | What is the | **A.** To | **B** | The right | | | purpose of | permanently | | to erasure | | | the right | delete all | | allows data | | | to erasure? | stored data | | subjects to | | | | | | request | | | | **B.** To | | deletion of | | | | enable | | their data | | | | deletion of | | when | | | | personal | | specific | | | | data under | | conditions | | | | certain | | are met. | | | | conditions | | | | | | | | | | | | **C.** To | | | | | | remove data | | | | | | only from | | | | | | physical | | | | | | storage | | | | | | | | | | | | **D.** To | | | | | | anonymise | | | | | | sensitive | | | | | | data | | | +-------------+-------------+-------------+-------------+-------------+ | 5 | What is the | **A.** A | **B** | Data | | | right to | data | | subjects | | | restrict | controller' | | can request | | | processing? | s | | restricted | | | | ability to | | processing, | | | | limit their | | such as | | | | operations | | when data | | | | | | accuracy is | | | | **B.** A | | contested | | | | data | | or | | | | subject's | | processing | | | | right to | | is | | | | stop | | unlawful. | | | | processing | | | | | | under | | | | | | certain | | | | | | conditions | | | | | | | | | | | | **C.** A | | | | | | data | | | | | | controller' | | | | | | s | | | | | | obligation | | | | | | to delete | | | | | | data | | | | | | | | | | | | **D.** A | | | | | | data | | | | | | subject's | | | | | | right to | | | | | | monitor | | | | | | data | | | | | | sharing | | | +-------------+-------------+-------------+-------------+-------------+ | 6 | What is the | **A.** The | **B** | Data | | | right to | right to | | portability | | | data | store data | | allows | | | portability | in portable | | individuals | | | ? | devices | | to transfer | | | | | | their data | | | | **B.** The | | between | | | | ability to | | organisatio | | | | transfer | | ns | | | | data in a | | easily. | | | | structured, | | | | | | machine-rea | | | | | | dable | | | | | | format | | | | | | | | | | | | **C.** The | | | | | | ability to | | | | | | delete all | | | | | | personal | | | | | | data from | | | | | | digital | | | | | | systems | | | | | | | | | | | | **D.** The | | | | | | right to | | | | | | share data | | | | | | only with | | | | | | government | | | | | | agencies | | | +-------------+-------------+-------------+-------------+-------------+ | 7 | Which of | **A.** | **B** | While data | | | the | Right to | | subjects | | | following | object to | | can take | | | is NOT a | processing | | legal | | | right of | | | action, | | | data | **B.** | | this is not | | | subjects | Right to | | specificall | | | under the | sue for | | y | | | NDPA? | data | | categorised | | | | breaches | | as a right | | | | | | under the | | | | **C.** | | NDPA. | | | | Right to | | | | | | data | | | | | | portability | | | | | | | | | | | | **D.** | | | | | | Right to | | | | | | rectificati | | | | | | on | | | +-------------+-------------+-------------+-------------+-------------+ | 8 | What does | **A.** Data | **B** | The right | | | the right | subjects | | to object | | | to object | can stop | | allows | | | allow? | processing | | individuals | | | | for any | | to | | | | reason | | challenge | | | | | | processing | | | | **B.** Data | | based on | | | | subjects | | legitimate | | | | can object | | interests | | | | to | | or for | | | | processing | | marketing | | | | based on | | purposes. | | | | legitimate | | | | | | interests | | | | | | or direct | | | | | | marketing | | | | | | | | | | | | **C.** | | | | | | Organisatio | | | | | | ns | | | | | | must delete | | | | | | all | | | | | | contested | | | | | | data | | | | | | immediately | | | | | | | | | | | | **D.** Data | | | | | | controllers | | | | | | can | | | | | | override | | | | | | the | | | | | | objection | | | | | | without | | | | | | explanation | | | +-------------+-------------+-------------+-------------+-------------+ | 9 | What is | **A.** A | **A** | Data | | | required to | formal | | subjects | | | exercise | written | | must submit | | | the right | request | | a formal | | | to access? | | | request to | | | | **B.** | | exercise | | | | Proof of | | their right | | | | citizenship | | to access. | | | | | | | | | | **C.** A | | | | | | court order | | | | | | | | | | | | **D.** | | | | | | NDPC's | | | | | | authorisati | | | | | | on | | | +-------------+-------------+-------------+-------------+-------------+ | 10 | Under what | **A.** Data | **A** | Data | | | condition | is no | | subjects | | | can data | longer | | can request | | | subjects | necessary | | erasure | | | request | for its | | when the | | | erasure? | original | | data is no | | | | purpose | | longer | | | | | | needed for | | | | **B.** Data | | the | | | | processing | | original | | | | is for | | processing | | | | public | | purpose. | | | | interest | | | | | | | | | | | | **C.** Data | | | | | | is | | | | | | transferred | | | | | | internation | | | | | | ally | | | | | | | | | | | | **D.** Data | | | | | | is stored | | | | | | for | | | | | | organisatio | | | | | | nal | | | | | | use | | | +-------------+-------------+-------------+-------------+-------------+ | 11 | What does | **A.** Data | **A** | This right | | | the right | subjects | | allows data | | | to lodge a | can | | subjects to | | | complaint | challenge | | raise | | | ensure? | non-complia | | concerns | | | | nce | | with | | | | with data | | supervisory | | | | protection | | authorities | | | | laws | | about | | | | | | potential | | | | **B.** Data | | violations. | | | | controllers | | | | | | can | | | | | | initiate | | | | | | compliance | | | | | | audits | | | | | | | | | | | | **C.** | | | | | | Organisatio | | | | | | ns | | | | | | can appeal | | | | | | NDPC | | | | | | decisions | | | | | | | | | | | | **D.** Data | | | | | | processors | | | | | | can avoid | | | | | | legal | | | | | | responsibil | | | | | | ity | | | +-------------+-------------+-------------+-------------+-------------+ | 12 | What is the | **A.** 7 | **C** | The NDPA | | | timeframe | days | | requires | | | for | | | organisatio | | | organisatio | **B.** 14 | | ns | | | ns | days | | to address | | | to handle | | | rectificati | | | rectificati | **C.** 30 | | on | | | on | days | | requests | | | requests? | | | within 30 | | | | **D.** 90 | | days. | | | | days | | | +-------------+-------------+-------------+-------------+-------------+ | 13 | What | **A.** Data | **B** | Data | | | happens | controllers | | processing | | | when data | must delete | | should be | | | subjects | the data | | restricted | | | contest the | immediately | | until the | | | accuracy of | | | accuracy of | | | data? | **B.** Data | | contested | | | | controllers | | data is | | | | must | | resolved. | | | | restrict | | | | | | processing | | | | | | until | | | | | | accuracy is | | | | | | verified | | | | | | | | | | | | **C.** Data | | | | | | controllers | | | | | | can | | | | | | continue | | | | | | processing | | | | | | without | | | | | | delay | | | | | | | | | | | | **D.** Data | | | | | | processors | | | | | | must | | | | | | contact the | | | | | | NDPC | | | +-------------+-------------+-------------+-------------+-------------+ | 14 | Can data | **A.** No, | **B** | Data | | | subjects | consent is | | subjects | | | withdraw | irrevocable | | can | | | consent at | | | withdraw | | | any time? | **B.** Yes, | | consent | | | | without | | without | | | | affecting | | affecting | | | | previous | | the | | | | processing | | legality of | | | | | | processing | | | | **C.** Yes, | | that | | | | but only | | occurred | | | | with NDPC | | before | | | | approval | | withdrawal. | | | | | | | | | | **D.** No, | | | | | | unless | | | | | | processing | | | | | | is unlawful | | | +-------------+-------------+-------------+-------------+-------------+ | 15 | What is the | **A.** | **A** | The right | | | significanc | Organisatio | | to be | | | e | ns | | informed | | | of the | must | | ensures | | | right to be | provide | | transparenc | | | informed? | clear, | | y | | | | accessible | | by | | | | information | | requiring | | | | about | | organisatio | | | | processing | | ns | | | | activities | | to | | | | | | communicate | | | | **B.** Data | | how | | | | subjects | | personal | | | | can request | | data is | | | | unlimited | | used. | | | | information | | | | | | about | | | | | | company | | | | | | operations | | | | | | | | | | | | **C.** Data | | | | | | processors | | | | | | must | | | | | | disclose | | | | | | internal | | | | | | practices | | | | | | | | | | | | **D.** Data | | | | | | controllers | | | | | | can | | | | | | restrict | | | | | | disclosures | | | | | | based on | | | | | | proprietary | | | | | | interests | | | +-------------+-------------+-------------+-------------+-------------+ | 16 | What does | **A.** | **D** | Restriction | | | the right | Suspending | | allows | | | to | data | | limiting | | | restriction | processing | | the use of | | | NOT | | | data but | | | include? | **B.** | | does not | | | | Continuing | | mandate its | | | | storage of | | deletion. | | | | personal | | | | | | data | | | | | | | | | | | | **C.** | | | | | | Processing | | | | | | for legal | | | | | | claims | | | | | | | | | | | | **D.** | | | | | | Deleting | | | | | | all data | | | | | | permanently | | | +-------------+-------------+-------------+-------------+-------------+ | 17 | When can a | **A.** When | **A** | Data | | | data | it | | subjects | | | subject | significant | | can object | | | object to | ly | | to | | | automated | affects | | automated | | | decision-ma | them | | decisions | | | king? | | | that have | | | | **B.** When | | significant | | | | it involves | | legal or | | | | financial | | similar | | | | decisions | | effects on | | | | | | them. | | | | **C.** Only | | | | | | in | | | | | | health-rela | | | | | | ted | | | | | | cases | | | | | | | | | | | | **D.** | | | | | | Automated | | | | | | decisions | | | | | | cannot be | | | | | | objected to | | | +-------------+-------------+-------------+-------------+-------------+ | 18 | What is the | **A.** To | **A** | The NDPC | | | role of the | monitor | | oversees | | | NDPC in | compliance | | enforcement | | | protecting | and address | | of data | | | data | complaints | | protection | | | subject | | | laws and | | | rights? | **B.** To | | ensures | | | | provide | | rights are | | | | funding to | | upheld. | | | | data | | | | | | controllers | | | | | | | | | | | | **C.** To | | | | | | enforce | | | | | | internation | | | | | | al | | | | | | data | | | | | | transfer | | | | | | agreements | | | | | | | | | | | | **D.** To | | | | | | manage | | | | | | organisatio | | | | | | nal | | | | | | HR policies | | | +-------------+-------------+-------------+-------------+-------------+ | 19 | Which of | **A.** Data | **A** | Data | | | the | must be | | portability | | | following | processed | | applies to | | | is a | by | | data | | | condition | automated | | processed | | | for | means | | by | | | exercising | | | automated | | | the right | **B.** Data | | means in a | | | to data | must be | | structured, | | | portability | stored on | | commonly | | | ? | physical | | used | | | | devices | | format. | | | | | | | | | | **C.** The | | | | | | NDPC must | | | | | | pre-approve | | | | | | the | | | | | | transfer | | | | | | | | | | | | **D.** Data | | | | | | must be in | | | | | | non-digital | | | | | | formats | | | +-------------+-------------+-------------+-------------+-------------+ | 20 | What is the | **A.** To | **A** | Withdrawal | | | purpose of | allow data | | of consent | | | the right | subjects to | | allows | | | to withdraw | stop | | individuals | | | consent? | processing | | to stop | | | | based on | | processing | | | | prior | | activities | | | | consent | | they no | | | | | | longer wish | | | | **B.** To | | to support. | | | | provide | | | | | | data | | | | | | controllers | | | | | | with | | | | | | additional | | | | | | flexibility | | | | | | | | | | | | **C.** To | | | | | | require | | | | | | NDPC | | | | | | interventio | | | | | | n | | | | | | in disputes | | | | | | | | | | | | **D.** To | | | | | | delete all | | | | | | processing | | | | | | records | | | | | | permanently | | | +-------------+-------------+-------------+-------------+-------------+ Module 4: Data Controllers/ Processors ====================================== Here is a list of **15 multiple-choice questions** based on **Module 4: Data Controllers/Processors** for Data Protection Officers (DPOs) certification. Each question includes the correct answer and a short explanation. +-------------+-------------+-------------+-------------+-------------+ | [\#]{.under | [Question]{ | [Options]{. | [Answer]{.u | [Explanatio | | line} |.underline} | underline} | nderline} | n]{.underli | | | | | | ne} | +=============+=============+=============+=============+=============+ | 1 | Who is a | **A.** An | **B** | A data | | | data | individual | | controller | | | controller | responsible | | is an | | | under the | for | | entity that | | | NDPA? | managing IT | | determines | | | | systems | | why and how | | | | | | personal | | | | **B.** An | | data is | | | | entity that | | processed. | | | | determines | | | | | | the purpose | | | | | | and means | | | | | | of | | | | | | processing | | | | | | personal | | | | | | data | | | | | | | | | | | | **C.** A | | | | | | regulator | | | | | | overseeing | | | | | | data | | | | | | protection | | | | | | compliance | | | | | | | | | | | | **D.** A | | | | | | vendor | | | | | | handling | | | | | | external | | | | | | data | | | | | | transfers | | | +-------------+-------------+-------------+-------------+-------------+ | 2 | What is the | **A.** To | **B** | A data | | | role of a | determine | | processor | | | data | the purpose | | processes | | | processor? | of data | | data based | | | | collection | | on the | | | | | | instruction | | | | **B.** To | | s | | | | process | | provided by | | | | personal | | the data | | | | data on | | controller. | | | | behalf of | | | | | | the data | | | | | | controller | | | | | | | | | | | | **C.** To | | | | | | enforce | | | | | | penalties | | | | | | for data | | | | | | breaches | | | | | | | | | | | | **D.** To | | | | | | monitor | | | | | | data | | | | | | subjects' | | | | | | activities | | | +-------------+-------------+-------------+-------------+-------------+ | 3 | Who is | **A.** Only | **C** | Both | | | responsible | the data | | controllers | | | for | controller |

Use Quizgecko on...
Browser
Open
Browser
Browser