Data Protection Impact Assessment MCQs
Note: The answers are marked in Red Bold.
Question 1: What does DPIA expand as?
- Data Privacy Impact Assessment
- Data Protection Impact Assessment
- Data Privacy Identification Assessment
- Data Protection Identification Assessment
Question 2: Does GDPR distinguish between B2B and B2C?
- Yes
- No, it applies to both
- Maybe
Question 3: Processing of personal data is done on behalf of other companies. In this case, ITC Infotech is the:
- Data Subject
- Data Controller
- Data Processor
- Third Party
Question 4: Who is responsible under the GDPR to make a notification in the event of a data breach to the supervisory authority?
- Data Subject
- Data Processor
- Data Controller
- Delivery Manager
Question 5: As part of your current project you need to upload code to a customer-provided code repository on the cloud. Which of the following will you NOT do?
- Inform the Delivery manager and seek advice
- Will not upload the test data to the cloud repository.
- Check for appropriate access to the cloud repository folder
- Upload test data to the cloud repository
Question 6: What is a best practice while dealing with test data? Choose the best option.
- Share test data with your team members for their testing
- Create your own test data for use and maintain versions for future testing
- Hard code test data values in code while testing
- Ask the customer to share test data and delete test data after use
Question 7: “Right to be forgotten” is a data subject right. Which is a correct explanation of this?
- Entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data
- Entitles the data controller to keep a copy of the personal data and share the personal data with third parties only based on data subject consent
- Entitles the data subject to erase his/her personal data by themselves
- None of the above
Question 8: Which of the below is true in relation to Privacy Data Breach Incident?
- A Privacy incident is a theft of an asset
- A privacy incident results from the loss of personal information through any means. The term encompasses both suspected and confirmed incidents involving PII that raise a reasonable risk of harm.
- A Privacy Incident is one that may not cause serious injury or harm to the individual and/or involves a small number of affected individuals
- None of the above
Question 9: As part of your current project you need to upload code to a customer-provided code repository on the cloud. Which of the following will you NOT do?
- Inform the Delivery manager and seek advice
- Will not upload the test data to the cloud repository.
- Check for appropriate access to the cloud repository folder
- Upload test data to the cloud repository
Question 10: Which of the below is true in relation to Privacy Data Breach Incident?
- A Privacy incident is a theft of an asset
- A privacy incident results from the loss of personal information through any means. The term encompasses both suspected and confirmed incidents involving PII that raise a reasonable risk of harm.
- A Privacy Incident is one that may not cause serious injury or harm to the individual and/or involves a small number of affected individuals
- None of the above
Question 11: As an employee, what is needed from you for GDPR compliance? Choose the best option.
- Sign the Employee Privacy Notice and Complete the GDPR training and assessment
- Sign the Data Privacy Policy and Employee Privacy Notice
- Complete the GDPR training and assessment only
- Sign the Employee Privacy Notice and Employment Candidate Notice
Question 12: What does GDPR expand as?
- General Data Privacy Regulation
- Global Data Protection Regulation
- General Data Protection Regulation
- Global Data Privacy Registration
Question 13: Which of the following statements best describes what the General Data Protection Regulation is?
- An update on the Data Protection Act 1998 which means personal data can only legally be collected and stored by companies that are certified in accordance with the GDPR regulations
- A legal framework aimed at companies operating online in the EU, stipulating how and when companies are able to collect personal data
- A legal framework relating to the collection, storage and usage of personal data, which applies to any organization doing business with EU citizens
- A legal framework relating to the collection, storage and usage of personal data, which applies to any organization based in the UK or doing business with UK citizens
Question 14: In case of a data breach, GDPR requires the notification to be sent to authorities within?
- 72 hours
- 42 hours
- 24 hours
- 8 hours
Question 15: What are the penalties levied on organizations for non-compliance with GDPR?
- Higher of EUR 20,000,000 or up to 4% of the worldwide annual turnover
- Higher of EUR 20,000,000 or up to 2% of the worldwide annual turnover
- Higher of EUR 40,000,000 or up to 2% of the worldwide annual turnover
- Higher of EUR 40,000,000 or up to 4% of the worldwide annual turnover
Question 16: What are the types of personal data as defined under GDPR?
- Personally Identifiable Information.
- Special Categories of personal data.
- Personally Identifiable Information & Special Categories of personal data.
- Sensitive data.
Question 17: GDPR applies to?
- People of all geographies
- Every entity that holds or uses European personal data both inside and outside Europe.
- American entities holding or using Personal Data
- European entities that hold or use European personal data both inside and outside Europe.
Question 18: In which scenarios is processing done in the capacity of data controller?
- Processing of ITC Infotech employee’s data
- Processing of ITC Infotech employee's dependent's data
- Processing of ITC Infotech customer’s data
Question 19: In which scenarios is processing done in the capacity of data processor?
- Processing of the employee’s data
- Processing of the employee's dependent's data
- Processing of the customer’s data
Question 20: Under the General Data Protection Regulation (GDPR), ‘sensitive personal data’ is referred to as ‘special categories of personal data’. Processing of special categories of personal data is subject to stricter conditions under the GDPR. Which of the following is not an example of a special category of personal data?
- Ethnicity
- Religious beliefs
- Biometric information
- Date of Birth
Question 21: Which data are NOT considered ‘personal data’ under the GDPR?
- Name
- Date of Birth
- Phone number
- Ethnicity
Question 22: Which of the following is available on the company’s website?
- Data Privacy Policy
- Employee Privacy Notice
- Employment candidate Privacy Notice
- Website Privacy Policy