This multiple choice assessment focuses on the General Data Protection Regulation (GDPR).
The purpose of the assessment is to enable you to assess the extent and depth of your knowledge of the Data Protection Law.
Format: Multiple Choice
The result will be provided immediately, with details on all questions.
1. Recommended practices in data protection by design and by default are:
Data protection by design and by default practices are proactive, not reactive, and preventive, not corrective.
2. How is data protection by design and by default best described?
The objective of data protection by design and by default is to create systems and services that minimize data through settings that are data protection-friendly. According to the GDPR, the controller should adopt internal policies and implement measures that, inter alia, minimize the processing of personal data and pseudonymize personal data as soon as possible. Therefore, according to data protection by design and by default, personal data should be automatically protected in any IT system or business practice from the start, so that users do not have to worry about configuring the product, service, or application to meet their data protection needs.
3. Data protection by default is the process of having services that collect and process personal data disabled by default.
Data protection by default implies that services which collect and process personal data are disabled by default. These services get enabled only through the explicit choice of the data subject.
4. Which of the following is the privacy design strategy that promotes the restriction of processing of personal data?
According to the minimization privacy design strategy, the processing of personal data should be restricted to the minimal amount possible.
Identify the MOST appropriate lawful basis for processing:
5. The case when a portion of the data is removed or replaced with a common value is known as:
To keep the identity of these individuals anonymous, generalization is employed to remove a portion of the data, or in specific cases, replace a portion of the data with a common value. This is known as k-anonymity and it is an industry-standard model for protecting personal data.
6. If a person is assigned a fake name to protect their identity, which method has the organization employed?
Pseudonymization includes scrambling, encryption, masking, and tokenization. Without the use of additional information, personal data are processed in such a way that they can no longer be attributed to a specific data subject.
7. While anonymization is reversible, pseudonymization is not.
Data that has undergone pseudonymization is reversible, meaning that the original data can be retrieved with the use of additional information. On the other hand, anonymization is irreversible.
8. What is the DPO’s task, among others, regarding access control?
The DPO should review the access control policy and assess whether it is documented and regularly reviewed. The DPO evaluates, but does not enforce, the use of access control for the identification, authentication, and authorization of users. Lastly, the DPO provides advice on authentication mechanisms but does not implement them.