CDPO Q9 – AllNet Law

This multiple choice assessment focuses on the General Data Protection Regulation (GDPR).

The purpose of the assessment is to enable you to assess the extent and depth of your knowledge of the Data Protection Law.

Format: Multiple Choice

The result will be provided immediately, with details on all questions.

Full Name

Email

1. According to the GDPR, when is the data protection impact assessment (DPIA) obligatory?

When a public area, rather than a private area, is monitored on a large scale, DPIA is obligatory. Similarly, if the processing of data that might result in a high risk to the rights and freedoms of people, then the DPIA must be conducted.

A. When a private area is monitored on a large scale

B. When the organization undertakes processing of data that do not result in a high risk to the rights and freedoms of people

C. When the organization undertakes processing of data that might result in a high risk to the rights and freedoms of people

2. What is the task of a supervisory authority regarding the DPIA?

According to article 35 of GDPR, the supervisory authority is obliged to publish a list of the type of processing operations that will be subject to the DPIA. In addition, the supervisory authority may also publish a list of the type of processing operations that do not require a DPIA.

A. Seek the advice of the DPO when carrying out the DPIA

B. Publish the list of the type of processing operations that are subject to the DPIA

C. Carry out a review to assess if processing is performed in accordance with the DPIA

3. The DPO must demand advice from the controller when conducting a DPIA.

The DPO should give advice to the controller regarding whether or not to conduct a DPIA.

A. True

B. False

4. The DPIA aims to help build and demonstrate compliance with the GDPR by allowing the controller to:

The main purpose of conducting a DPIA is to analyze processing of personal data and determine the level of risk. DPIA is a process that identifies, evaluates, and reduces data protection risks.

A. Identify, evaluate, and reduce risks related to data protection

B. Eliminate the risks of data breaches

C. Observe how effective has the organization been in addressing threats

5. If DPIA does not contain measures that manage risks to an acceptable level, then the controller should contact the supervisory authority.

In case the DPIA does not contain the measures envisaged to address the risks, including safeguards, security measures, and mechanisms to ensure the protection of personal data and to demonstrate compliance with the GDPR, or if the DPIA contains the measures envisaged to address the risks but presents high risks even taking these controls into account, then the supervisory authority must be contacted.

A. True

B. False

6. Which data protection solution is about sharing certain risks with external parties, such as insurance or outsourcing?

A. Risk reduction

B. Risk transfer

C. Risk retention

7. After the DPIA is conducted, who is responsible for drafting the DPIA report?

After the conduct of the DPIA, the DPO should ensure that a good DPIA report has been written.

A. The controller

B. The processor

C. The DPO