CDPO Q11 – AllNet Law

This multiple choice assessment focuses on the General Data Protection Regulation (GDPR).

The purpose of the assessment is to enable you to assess the extent and depth of your knowledge of the Data Protection Law.

Format: Multiple Choice

The result will be provided immediately, with details on all questions.

Full Name

Email

1. What is the role of the DPO in relation to the data protection controls?

Tasks of the DPO related to the evaluation of the data protection controls is to review the planning and implementation of controls that need to meet data protection requirements, and monitor the maintenance of the documentation regarding the implemented controls.

A. Establish data protection controls

B. Introduce and implement data protection controls

C. Review and monitor data protection controls

2. What should the DPO do to ensure compliance with the GDPR, Article 6 Lawfulness of processing?

When evaluating the organization’s compliance with the GDPR’s Article 6, the DPO ensures, among others, that the organization has identified and documented the grounds for the lawful processing of personal data and the period for storage for data required.

A. Implement security controls to mitigate unacceptable risks

B. Identify and establish business requirements to limit and protect personal data

C. Ensure that the organization has identified and documented the period of storage for data required

3. The data subject has not given consent to process their email address to a company for monthly newsletters. This means that the data processing in this case is:

If the data subject does not give consent to a company to process their data for a specific purpose, such as sending monthly newsletters to them, then the processing of their data is unlawful. Companies should always obtain the data subject’s consent to process their data in order for the processing to be lawful.

A. Lawful

B. Unlawful

C. Necessary for the purposes of the legitimate interests

4. Which of these statements about consent under the GDPR is correct?

A consent is not considered as freely given if the company conditions the provision of service on consent to the processing of personal data. The data subjects have the right to withdraw their consent, at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

A. The consent must be specific, freely given, informed, and unambiguous

B. The company’s provision of service should be conditional on consent to the processing of personal data

C. Once the consent is given, the data subject cannot withdraw their consent

5. What is one of the DPO’s tasks concerning the consent of data subjects?

The controller is responsible for recording and maintaining the consents obtained and implementing procedures on how data subject’s consent is obtained.

A. Record and maintain the consents obtained

B. Ensure that the organization has informed the data subjects that the consent may be withdrawn

C. Implement procedures on how data subject’s consent is obtained

6. What is the DPO’s task, among others, regarding GDPR’s Article 21 Right to object?

The DPO should ensure that the organization has designed a system, method, or mechanism to identify the data that is not to be processed and implemented new handling or processing rules.

A. Ensure that the organization has a mechanism in place that identifies the data that is not to be processed

B. Implement a mechanism for informing the data subjects

C. Design and implement mechanisms to erase data