Data Protection Practice Test PDF
Document Details
NUS Faculty of Law
2020
Summary
This document contains a practice test for Data Protection, covering topics such as data flow diagrams, data lifecycle, risk management, and administrative controls. The questions are multiple choice, designed for secondary school students, and are geared towards helping students prepare for a Data Protection exam.
Full Transcript
## Data Protection Questions

### Question 1

**The advantage of using a data flow diagram is:**

- does not require high-level software
- it is easy to develop
- **it can be easily understood**
- there are no limitations on recording of information

**1 pts**

### Question 2

**In order to understand the data lifecycle, an organisation must**

- do a risk assessment of its PDPA non-compliance
- **analyse the flows of personal data in its business processes**
- carry out a Data Protection Impact Assessment
- carry out an audit of its policies and processes

**1 pts**

### Question 3

**When an organisation does something that may risk the breach of personal data, what kind of risk is it directly exposed to:**

- operational risk
- strategic risk
- **compliance risk**
- financial risk

**1 pts**

### Question 4

**Personal Data Protection risk management is not**

- sharing the risk with a third party, like an insurance provider
- minimising, monitoring and controlling a risk event from occurring
- **identifying, assessing and prioritizing risks**
- registering a patent for a product

**1 pts**

### Question 5

**The risk level in terms of personal data protection may be determined by the following, except**

- confidentiality in respect to disclosure of personal information
- availability of the data when intended users desire to use it
- **cost of implementing risk measures**
- accuracy and completeness of the data

**1 pts**

### Question 6

**One way in which an organisation can do scoring under a risk assessment framework is by using a quantitative approach or a qualitative approach**

- **True**
- False

**1 pts**

### Question 7

**When an organisation puts in controls to manage its risks, the organisation is responding to the risk by**

- sharing the risk
- retaining the risk
- avoiding the risk
- **modifying the risk**

**1 pts**

### Question 8

**In order to operationalise controls, it is necessary to lift a few simple rules out from the formal policies and practices and to present them to staff in a simple and straightforward set of requirements**

- **True**
- False

**1 pts**

### Question 9

**In order to comply with the purpose limitation obligation, employees could be instructed to**

- allow individuals to withdraw their consent
- give access when individuals request for it
- protect personal data in custody
- **collect only what is reasonable**

**1 pts**

### Question 10

**The following are examples of administrative controls, except for:**

- **restriction of access to organisation's premises**
- confidentiality obligations of employees
- contracts with data intermediaries
- personal data protection policy

**1 pts**

### Question 11

**In order to comply with the PDPA where IT vendors are involved, the organisation must state clearly in the contract that:**

- the Vendor can allow access if the individuals request access to their personal data
- **the Vendor needs to obtain the consent of the persons whose data it is processing**
- when there is a data breach, it must inform the PDPC within 72 hours
- the IT vendor is required to consider how personal data should be handled

**1 pts**

### Question 12

**The following are good data protection by design practices, except:**

- maximising the collection of personal data
- factoring adequate resources for security testing
- **conducting a DPIA**
- implementing access controls

**1 pts**

### Question 13

**As personal data protection is a continuous compliance process, which of the following statements is true**

- a DPO need not conduct a review where there are legislative changes
- the DPO needs to endorse the DPMP
- an external data protection policy is actually called a policy notice
- **organisation should learn from feedback about its personal data protection policy**

**1 pts**

### Question 14

**A Data Protection Policy on a website is mis-named. It is not a policy; it is a notice.**

- **True**
- False

**1 pts**

### Question 15

**When drafting a notice, it is important to be clear and informative and**

- state everything possible in the notice
- **use a simple style**
- write it as if everyone has the same level of understanding
- avoid a layered notice

**1 pts**

## Assessment Summary

**Assessment Name:** Practitioner Certificate in Personal Data Protection (Singapore) 2020

**Candidate Name:**

**Candidate NRIC (Partial):**

**Date of Examination:** 21-06-2023

**Overall Score:** 74%

**Final Result:** Pass

| Topic | Results |
|---|---|
| Accountability | 100% |
| Data Breach Management | 100% |
| Data Protection Management Programme | 75% |
| Risk Management | 64.29% |
| Data Protection Impact Assessment | 57.14% |

**Note:** The personal data protection (Singapore) 2020 is administered by NTUC LearningHub Pte Ltd on behalf of the [deleted, as this likely refers to a person's company]