CDPO-Q4 – AllNet Law

This multiple choice assessment focuses on the General Data Protection Regulation (GDPR).

The purpose of the assessment is to enable you to assess the extent and depth of your knowledge of the Data Protection Law.

Format: Multiple Choice

The result will be provided immediately, with details on all questions.

Full Name

Email

1. Who is responsible for notifying the supervisory authority in case of data breaches?

The data controller is held responsible for handling data subjects’ rights and notifying the supervisory authorities and data subjects in case of a data breach.

A. The DPO

B. The controller

C. The processor

2. Where two or more controllers jointly determine the purposes and means of processing, they are joint controllers. In case of noncompliance with the GDPR, all controllers are liable.

In case of failure to comply with the GDPR, all controllers jointly will be liable. The joint controllers should be transparent when determining their responsibilities accordingly.

A. True

B. False

3. What is the role of the processor?

‘Processor’ means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

A. To advise the DPO of their data protection obligations and instructions given by the controller

B. To process data on behalf of a controller

C. To demonstrate that the processing operations performed are in accordance with the regulation

4) Company X is looking to carry out new clinical trials and is considering using study subjects from another research that they previously carried out.

Identify the MOST appropriate lawful basis for processing:

Public interest.

Business to business.

Explicit consent.

Contract

5. Why is gap analysis important for GDPR compliance?

It is recommended to initially follow a simplistic approach of understanding the GDPR in the context of the organization and not dive deep into its specific requirements. The gap analysis technique could be helpful in this regard.

A. Because its outcomes help determine the necessary qualifications that a DPO needs to possess in order to ensure lawful data processing

B. Because its outcomes are employed to determine the current state of organization’s compliance to GDPR and courses of action that need to be taken to achieve the desired state

C. Because its outcomes are employed to determine the general obligations that the controller needs to fulfill in relation to personal data processing

6. What is the first step of conducting gap analysis?

Gap analysis includes three steps: identify strategic objectives, identify current state and deficiencies, and develop an action plan.

A. Identification of strategic objectives

B. Identification of gaps

C. Identification of resources and processes with high materiality

7. Which statement is correct with regard to the GDPR scope?

The DPO should analyze if the organization has included the following within the GDPR scope: key characteristics of the organization related to the processing of data, description of the roles and responsibilities regarding the GDPR, material scope, territorial scope, and justification for exclusions.

A. From the analysis of the GDPR compliance program, the processor should obtain a clear definition of the GDPR scope

B. The DPO should ensure that, among others, the GDPR scope includes the material and territorial scope

C. The controller should ensure that the GDPR territorial scope applies only to organizations located in the EU