a minimum of € 20,000,000 whichever is higher
15 / 20 Supervisory Authorities are assigned a number of responsibilities aimed at making sure data protection regulations are complied with.
What is one of those responsibilities?
A) Assessing codes of conduct for specific sectors relating to the processing of personal data.
B) Defining a minimum set of measures to be taken to protect personal data.
C) Investigation of all data breaches of which they have been notified.
D) Review of contracts and BCRs on compliance with the regulations.
16 / 20 Binding corporate rules are a means for organizations to ease their administrative burden when complying with the GDPR.
How do these rules help them?
A) They allow them to have underpinning contracts with all parties involved abroad.
B) They allow them to let third parties outside the European Economic Area process personal data.
C) They avoid the need to approach each supervisory authority in the EU separately.
D) They prevent them from having to ask a supervisory authority for permission for the processing of the data once their BCR are accepted.
17 / 20 What should be done so that a Controller is able to outsource the processing of personal data to a Processor?
A) The Controller must ask the supervisory authority for permission to outsource the processing of the data.
B) The Controller must ask the supervisory authority if the agreed upon written contract is compliant with the regulations.
C) The Controller and Processor must draft and sign a written contract guaranteeing the confidentiality of the data.
D) The Processor must show the Controller all demands agreed upon in the Service Level Agreement (SLA) are met.
18 / 20 Often staff that works with personal data consider privacy and information security as separate issues.
Why is this wrong?
A) Privacy can’t be guaranteed without identifying, implementing, and monitoring proper information security measures.
B) The supervisory authority expects the roles of data protection officer and Information security officer to be integrated.
C) The regulations identify specific information security measures that must be taken before handling personal data is allowed.
19 / 20 Session cookies are one of the most common types of cookie.
What best describes a session cookie?
A) It contains information on what you are doing, for instance the products you select in a web shop before you actually order.
B) It reveals your browse history, so other websites can find out which websites you have visited before you arrived there.
C) It stores your browse history, so you can trace where you have been on the net and revisit those site(s) if you want.
D) It collects your personal data, so the website can greet you by name and reuse your settings when you return.
20 / 20 Sometimes websites track visitors and store their information for marketing purposes.
Is the website obliged to notify the visitor that their information is being used for marketing purposes?
A) Yes
B) No
Answer Key
1 / 20 The illegal collection, storage, modification, disclosure or dissemination of personal data is an offence by European law.
What kind of offence is this?
A) a content related offence
B) an economic offence
C) an intellectual property offence
D) a privacy offence
A) Incorrect. A content related offence concerns dissemination of racist statements, (child) pornography or information inciting violence.
B) Incorrect. Economic offences relate to unauthorized access to systems (hacking, distribution of viruses, etc.) computer espionage, -forgery, and - fraud).
C) Incorrect. Intellectual property offences pertain to violations of copyright and related rights.
D) Correct. Any illegal processing of personal data is an offence. No Source: basic knowledge.
2 / 20 How are privacy and data protection related to each other?
A) Data protection is a subset of privacy.
B) Privacy is a subset of data protection.
C) They are the same thing.
D) You cannot have privacy without data protection.
A) Incorrect. Privacy spans a lot of concepts like spatial, relational, bodily and information privacy. Data protection has no relation to some of these.
B) Incorrect. Privacy spans a lot of concepts like spatial, relational, bodily and information privacy. Data protection helps to guarantee some of these.
C) Incorrect. Data protection for example has nothing to do with spatial privacy.
D) Correct. Data protection is a necessary measure to protect the fundamental right to privacy. Source: White Paper – Privacy, Personal Data and the GDPR - §1.3 Definitions
3 / 20 The word 'privacy' is not mentioned in the GDPR.
How is 'privacy' related to 'data protection'?
A) Data protection is a set of rules and regulations
