MCQ Questions with Answers 2022

 Data Protection Impact Assessment MCQs

Note: The answers are marked in Red Bold.

Question 1: What does DPIA expand as?

  • Data Privacy Impact Assessment
  • Data Protection Impact Assessment
  • Data Privacy Identification Assessment
  • Data Protection Identification Assessment


Question 2: Does GDPR distinguish between B2B and B2C?

  • Yes
  • No, it applies to both
  • Maybe


Question 3: Processing of personal data is done on behalf of other companies. In this case, ITC Infotech is the:

  • Data Subject
  • Data Controller
  • Data Processor
  • Third Party


Question 4: Who is responsible under the GDPR to make a notification in the event of a data breach to the supervisory authority?

  • Data Subject
  • Data Processor
  • Data Controller
  • Delivery Manager

Question 5: As part of your current project, you need to upload code to a customer-provided code repository on the cloud. Which of the following will you NOT do?

  • Inform the Delivery manager and seek advice
  • Will not upload the test data to the cloud repository.
  • Check for appropriate access to the cloud repository folder
  • Upload test data to the cloud repository


Question 6: What is a best practice while dealing with test data? Choose the best option

  • Share test data with your team members for their testing
  • Create your own test data for use and maintain versions for future testing
  • Hard code test data values in code while testing
  • Ask the customer to share test data and delete the test data after use


Question 7: “Right to be forgotten” is a Data subject right. Which is a correct explanation of this?

  • Entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data
  • Entitles the data controller to keep a copy of the personal data and share the personal data with third parties only based on data subject consent
  • Entitles the data subject to erase his/her personal data by themselves
  • None of the above


Question 8: Which of the below is true in relation to Privacy Data Breach Incident?

  • A Privacy incident is a theft of an asset
  • A privacy incident results from the loss of personal information through any means. The term encompasses both suspected and confirmed incidents involving PII that raise a reasonable risk of harm.
  • A Privacy Incident is one that may not cause serious injury or harm to the individual and/or involves a small number of affected individuals
  • None of the above


Question 9: As part of your current project, you need to upload code to a customer-provided code repository on the cloud. Which of the following will you NOT do?

  • Inform the Delivery manager and seek advice
  • Will not upload the test data to the cloud repository.
  • Check for appropriate access to the cloud repository folder
  • Upload test data to the cloud repository


Question 10: Which of the below is true in relation to Privacy Data Breach Incident?

  • A Privacy incident is a theft of an asset
  • A privacy incident results from the loss of personal information through any means. The term encompasses both suspected and confirmed incidents involving PII that raise a reasonable risk of harm.
  • A Privacy Incident is one that may not cause serious injury or harm to the individual and/or involves a small number of affected individuals
  • None of the above


Question 11: As an employee, for GDPR compliance what is needed from you? Choose the best option

  • Sign the Employee Privacy Notice and Complete the GDPR training and assessment
  • Sign the Data Privacy Policy and Employee Privacy Notice
  • Complete the GDPR training and assessment only
  • Sign the Employee Privacy Notice and Employment Candidate Notice


Question 12: What does GDPR expand as?

  • General Data Privacy Regulation
  • Global Data Protection Regulation
  • General Data Protection Regulation
  • Global Data Privacy Registration


Question 13: Which of the following statements best describes what the General Data Protection Regulation is?

  • An update on the Data Protection Act 1998 which means personal data can only legally be collected and stored by companies that are certified in accordance with the GDPR regulations
  • A legal framework aimed at companies operating online in the EU, stipulating how and when companies are able to collect personal data
  • A legal framework relating to the collection, storage and usage of personal data, which applies to any organization doing business with EU citizens
  • A legal framework relating to the collection, storage and usage of personal data, which applies to any organization based in the UK or doing business with UK citizens


Question 14: In case of a data breach, GDPR requires the notification to be sent to authorities within?

  • 72 hours
  • 42 hours
  • 24 hours
  • 8 hours


Question 15: What are the penalties levied for non-compliance to GDPR for organizations?

  • Higher of EUR 20,000,000 or up to 4% of the worldwide annual turnover
  • Higher of EUR 20,000,000 or up to 2% of the worldwide annual turnover
  • Higher of EUR 40,000,000 or up to 2% of the worldwide annual turnover
  • Higher of EUR 40,000,000 or up to 4% of the worldwide annual turnover


Question 16: What are the types of personal data as defined under GDPR?

  • Personally Identifiable Information.
  • Special Categories of personal data.
  • Personally Identifiable Information & Special Categories of personal data.
  • Sensitive data.


Question 17: GDPR applies to?

  • People of all geographies
  • Every entity that holds or uses European personal data both inside and outside Europe.
  • American entities holding or using Personal Data
  • European entities that hold or use European personal data both inside and outside Europe.


Question 18: In which scenarios is processing done in the capacity of data controller?

  • Processing of ITC Infotech employee’s data
  • Processing of ITC Infotech employee's dependent's data
  • Processing of ITC Infotech customer’s data


Question 19: In which scenarios is processing done in the capacity of data processor?

  • Processing of the employee’s data
  • Processing of the employee's dependent's data
  • Processing of the customer’s data


Question 20: Under the General Data Protection Regulation (GDPR), ‘sensitive personal data’ is referred to as ‘special categories of personal data’. Processing of special categories of personal data is subject to stricter conditions under the GDPR. Which of the following is not an example of a special category of personal data?

  • Ethnicity
  • Religious beliefs
  • Biometric information
  • Date of Birth


Question 21: Which data are NOT considered ‘personal data' under the GDPR?

  • Name
  • Date of Birth
  • Phone number
  • Ethnicity


Question 22: Which of the following is available on the company’s website?

  • Data Privacy Policy
  • Employee Privacy Notice
  • Employment candidate Privacy Notice
  • Website Privacy Policy
