A.  

For all projects that include technologies or processes that require data protection

B.  

For all sets of similar processing operations with comparable risks

C.  

For any situation where technologies and processes will be subject to a risk assessment

D.  

For technologies and processes that are likely to result in a high risk to the rights of data subjects

A.  

Security incident

B.  

Incident

C.  

Breach of confidentiality

D.  

Data breach

A.  

It aims to incorporate security measures to protect data from the moment it is collected, throughout the processing and until its destruction at the end of the process

B.  

It aims to ensure that personal data is automatically part of a protection process.

C.  

It aims to create privacy impact analysis procedures (DPIA), notifications of breaches of privacy and fulfil requests from data subjects.

A.  

Creating a back-up of biometric data for data security purposes

B.  

Collecting name and address information for a gymnastics club

C.  

Editing personal photographs before printing them at home

A.  

When personal data is processed at a facility of the processor that is not located within the borders of the EEA

B.  

When personal data is processed by a party that agreed to the draft processing contract but has not yet signed it

C.  

When the system on which the personal data is processed is attacked causing damage to its storage devices

D.  

When there is a significant probability that the breach will lead to a high risk for the privacy of the data subjects

A.  

Direct personal data

B.  

Indirect personal data

C.  

Pseudonymized data

D.  

Special category personal data

A.  

To save the pages a user has bookmarked in the user’s browser history

B.  

To record every keystroke made by a computer user to find out passwords

C.  

To ensure that the user’s personal data are stored securely on the server

D.  

To personalize the user’s experience of the website during the next visit

A.  

False

B.  

True

A.  

Erase all personal data after the completion of treatment-related services, deleting existing copies.

B.  

Treat personal data only through documented instructions, including with regard to data transfers to third countries or international organizations.

C.  

Ensure that the persons authorized to process personal data have made a commitment to confidentiality.

D.  

Apply technical and organizational measures to ensure that only personal data that are necessary for each specific purpose of processing are processed.

A.  

An address list of members of a political party

B.  

A genealogical register of someone’s ancestors

C.  

A list of payments made using a credit card

A.  

Available personal data categories.

B.  

Rights categories of data subjects.

C.  

Categories of purposes for the processing of personal data.

D.  

Personal data categories.

A.  

Preservation of confidentiality, integrity and availability of information

B.  

Any information regarding an identified or identifiable natural person

C.  

Any information that European citizens want to protect

D.  

Data that directly or indirectly reveals racial or ethnic origins, someone’s religious views, and their data related to sexual health and habits

A.  

Not holding more data than is strictly required for processing

B.  

An indication of timeframes if processing relates to erasure

C.  

Data may only be collected for explicit and legitimate purposes

D.  

An approach that implements data protection from the start (Correct)

A.  

To the data processor

B.  

To the Data Protection Officer (DPO)

C.  

The supervisory authority

D.  

To the European Commission

A.  

A processor deletes personal data after his contract with the controller expired.

B.  

A processor leaves his computer unattended, where colleagues may be able to access it.

C.  

After a disk crash a processor restores personal data from a recent back-up.

D.  

After processing a processor deletes personal data on instruction of the controller.

A.  

A process for testing, assessing and regularly evaluating the effectiveness of technical and organizational measures to ensure safe treatment.

B.  

The processor assists the driver through technical and organizational measures to enable it to fulfill its obligation to respond to requests from data subjects.

C.  

The description of categories of data subjects and categories of personal data

D.  

The purpose of data processing

A.  

To all members of the contact list

B.  

To the Union staff

C.  

To the police

A.  

False

B.  

True

A.  

A ‘code of conduct’, describing what the processing exactly entails, must be in place.

B.  

The data subject must have given consent, prior to the processing to begin.

C.  

The processing must be reported to and allowed by the Data Processing Authority

D.  

There must be a legitimate ground for the processing of personal data.

A.  

Labor union association

B.  

Passport number

C.  

Credit card details

D.  

Social security number

A.  

Transfers based on the laws of the non-EEA country concerns

B.  

Transfers falling under World Trade Organization rules

C.  

Transfers governed by approved binding corporate rules (BCR)

D.  

Transfers within a global corporation or organization

A.  

The processor must show the controller that all demands agreed in the service level agreement (SLA) are met.

B.  

The controller and processor must draft and sign a written contract guaranteeing the confidentiality of the data.

C.  

The controller must ask the supervisory authority for permission to outsource the processing of the data.

D.  

The controller must ask the supervisory authority if the agreed written contract is compliant with the regulations.