Unlock hundreds more features
Save your Quiz to the Dashboard
View and Export Results
Use AI to Create Quizzes and Analyse Results

Sign inSign in with Facebook
Sign inSign in with Google
Quizzes > Quizzes for Business > Government

Take the GDPR Compliance Quiz Now

Enhance Your Data Protection & Compliance Skills

Difficulty: Moderate
Questions: 20
Learning OutcomesStudy Material
Colorful paper art depicting elements related to GDPR Compliance Quiz

This GDPR Compliance Quiz helps you practice core data protection rules and spot gaps before an audit. Answer quick multiple-choice questions on rights, lawful bases, consent, and breach reporting, then see where to focus next. For more depth, try the longer GDPR quiz or the broader compliance assessment .

What does GDPR stand for?
General Data Privacy Rule
Global Data Protection Requirement
General Data Protection Regulation
General Data Processing Regulation
It stands for General Data Protection Regulation, the EU law on data privacy. It establishes rules for processing personal data within the EU and for data exported outside the EU.
Which GDPR principle requires that personal data collected is limited to what is necessary in relation to the purposes for which it is processed?
Purpose limitation
Storage limitation
Integrity and confidentiality
Data minimisation
Data minimisation requires limiting data to what is necessary for the processing purpose. This principle helps reduce risk and ensure only relevant data is held.
Which of the following is a lawful basis under GDPR that requires explicit permission from the data subject?
Consent
Legal obligation
Legitimate interest
Contractual necessity
Only consent depends on explicit permission that is freely given by the data subject. Other lawful bases do not require this level of explicit agreement.
Which right under GDPR allows individuals to obtain confirmation and a copy of their personal data?
Right to erasure
Right of access
Right to data portability
Right to rectification
Right of access allows individuals to request confirmation of processing and to obtain copies of their personal data. It ensures transparency and empowers individuals to verify lawfulness of processing.
Within what timeframe must a personal data breach be reported to the supervisory authority under GDPR?
72 hours
24 hours
Immediately
One week
Article 33 of the GDPR mandates that a personal data breach must be reported to the supervisory authority within 72 hours of discovery. This time limit helps ensure swift action to protect data subjects.
What is the primary purpose of conducting a Data Protection Impact Assessment (DPIA)?
To obtain consent from all data subjects
To audit financial records
To train employees on data handling
To identify and mitigate privacy risks arising from processing activities
A DPIA identifies and mitigates privacy risks arising from processing activities. It is a proactive measure to protect the rights and freedoms of individuals before launching high-risk processing.
A company repurposes customer email addresses collected for order confirmations to send marketing newsletters without further consent. Which GDPR principle is violated?
Lawfulness, fairness, and transparency
Data minimisation
Data integrity
Purpose limitation
Purpose limitation prohibits using personal data for new purposes without appropriate consent or legal basis. Repurposing data for marketing without consent breaches this principle.
In a controller-processor relationship, who is primarily responsible for ensuring lawful processing of personal data under GDPR?
The data protection officer
The data controller
The data processor
The supervisory authority
The data controller determines the purposes and means of processing, making them legally responsible for compliance. Processors act on the controller's instructions but the controller holds primary accountability.
When transferring personal data to a non-EU country without an adequacy decision, which safeguard is acceptable under GDPR?
Privacy Shield
Local encryption only
Binding national laws
Standard Contractual Clauses
Standard Contractual Clauses are pre-approved contractual terms ensuring adequate protection for data transferred outside the EU. They provide legal safeguards when no adequacy decision exists.
After identifying a personal data breach, what should an organization do first under GDPR?
Update the privacy notice
Contain and assess the breach
Delete affected data
Notify all data subjects immediately
The first step is to contain and assess the breach to understand its scope and impact. This allows the organization to plan remediation and notification steps effectively.
Which GDPR right allows individuals to request the deletion of their personal data?
Right to erasure
Right to portability
Right to rectification
Right to object
Right to erasure, also known as the 'right to be forgotten', enables individuals to request deletion of their personal data. It applies when data is no longer necessary or consent is withdrawn.
How long does an organization have to respond to a subject access request under GDPR?
Immediately
72 hours
Two weeks
One month
GDPR mandates a one-month period for organizations to respond to subject access requests. A two-month extension is allowed in complex cases after notifying the requester.
If data processing is necessary to comply with a legal obligation, which lawful basis applies under GDPR?
Consent
Legitimate interest
Vital interests
Legal obligation
Processing that is required to meet legal obligations falls under the legal obligation lawful basis. This basis applies when laws or regulations mandate the processing activity.
Which GDPR principle ensures personal data is not kept longer than necessary for its original purpose?
Accuracy
Integrity and confidentiality
Storage limitation
Accountability
Storage limitation ensures personal data is retained only as long as necessary for the processing purposes. After that period, data must be deleted or anonymised to comply with GDPR.
Which of the following is NOT considered special category personal data under GDPR?
Ethnic origin
Email address
Health information
Religious beliefs
Email addresses are not classified as special category data because they are not inherently sensitive. Special categories include data like health status, racial or ethnic origin, and religious beliefs.
Which of the following best describes valid consent under GDPR?
Implied consent via website usage
Bundled consent included in general terms
A pre-ticked checkbox agreed at registration
A clear affirmative action freely given for specific purposes
GDPR requires consent to be a clear affirmative action, freely given for specific purposes. Pre-ticked boxes or bundled consent do not meet the GDPR standard for valid consent.
Which GDPR article requires the notification of personal data breaches to the supervisory authority?
Article 34
Article 33
Article 32
Article 35
Article 33 of the GDPR specifically mandates notification of personal data breaches to the supervisory authority within 72 hours of awareness. Notification must occur promptly unless the breach is unlikely to result in a risk to individuals' rights and freedoms.
What is the maximum administrative fine for infringements of GDPR's core processing principles?
Up to €20 million or 4% of global turnover
Up to €50 million flat fee
Up to €5 million or 1% of turnover
Up to €10 million or 2% of global turnover
Basic processing principle infringements can incur fines up to €10 million or 2% of annual global turnover. Higher-tier infringements of rights and obligations carry higher fines up to €20 million or 4% of turnover.
Which element must a Data Protection Impact Assessment (DPIA) include according to GDPR guidelines?
Employee training schedules
An assessment of processing necessity and risk mitigation measures
A full financial audit of the project
Marketing strategies
A DPIA must include an assessment of processing necessity, proportionality, and measures to mitigate identified risks. This structured evaluation ensures potential harms to data subjects are addressed.
Under GDPR, which obligation is mandatory for data processors?
Process personal data only on the controller's documented instructions
Determine the purposes of the processing
Appoint a Data Protection Officer in all cases
Respond directly to data subject requests
Article 28 of the GDPR mandates that processors only process personal data on the controller's documented instructions. This ensures processors cannot use data for purposes beyond what the controller has authorized.
0
{"name":"What does GDPR stand for?", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"What does GDPR stand for?, Which GDPR principle requires that personal data collected is limited to what is necessary in relation to the purposes for which it is processed?, Which of the following is a lawful basis under GDPR that requires explicit permission from the data subject?","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}

Learning Outcomes

  1. Identify key principles and requirements of GDPR compliance
  2. Analyse real-world scenarios for data privacy compliance
  3. Evaluate organizational policies against GDPR standards
  4. Apply best practices for data subject rights management
  5. Demonstrate proper data breach response procedures

Cheat Sheet

  1. Seven Key Principles of GDPR - The GDPR stands on seven awesome pillars - lawfulness, fairness & transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity & confidentiality; and accountability. Mastering these basics turns you into a data-protection superstar!
  2. Lawful Processing - Every data move you make needs a solid legal basis - like consent, contract needs, legal obligations, vital interests, public tasks, or legitimate interests. Ensuring lawfulness is your ticket to GDPR compliance fame.
  3. Data Minimization - Less is more! Only collect what you absolutely need for your project, and say goodbye to extra risk and clutter. Embracing minimalism makes privacy a breeze.
  4. Data Accuracy - Keep info fresh by regularly updating and correcting personal data - no more outdated or duplicate entries! Accurate data protects both you and your data subjects from mishaps.
  5. Storage Limitation - Retain personal data only as long as it serves its purpose, then let it go! Craft clear retention policies to avoid data hoarding.
  6. Integrity & Confidentiality - Armor up with strong security measures to shield data from unauthorized access, loss, or damage. Routine security checks keep you one step ahead of cyber mischief.
  7. Data Subjects' Rights - Respect rights like access, correction, erasure, processing restriction, portability, and objection - it's like granting data superheroes their superpowers! Upholding these rights is mandatory for true compliance.
  8. Breach Response Plan - Gear up with a clear, speedy breach-response plan to tackle data incidents head-on. Fast action can save the day and minimize damage!
  9. Data Protection Impact Assessments - Run DPIAs to spot and squash privacy risks before they blow up. Proactive risk checks build trust and keep your projects on the right side of the law.
  10. Accountability Culture - Document your compliance moves, train your team, and if required, appoint a Data Protection Officer. Showing you've got GDPR covered earns you credibility and confidence.
Powered by: Quiz Maker