This multiple choice assessment focuses on the General Data Protection Regulation (GDPR).
The purpose of the assessment is to enable you to assess the extent and depth of your knowledge of the Data Protection Law.
Format: Multiple Choice
The result will be provided immediately, with details on all questions.
1. The DPO has an ___________________ role in risk management.
The DPO has an advising and monitoring role in the general risk management process. They should have knowledge of risk concepts in order to help organizations ensure the protection of personal data.
2. What action should follow if risk assessment activities generate sufficient evidence that the determined actions will minimize a risk to an acceptable level?
The risk management process should be iterative for risk assessment and risk treatment activities. If the risk assessment activities have provided sufficient evidence that the determined actions will reduce the risk to an acceptable level, the next step is to implement risk treatment options.
3. What is the role of the DPO in risk identification?
The role of the DPO in risk identification is to help the organization identify the risk sources, threats, and their consequences. The organization should apply risk identification tools and techniques suitable to its objectives, capabilities, and risks faced.
4. What is the role of the DPO in risk acceptance?
The role of the DPO in risk acceptance is to help the organization determine if the risk is within the risk acceptance range.
5. What is taken into account when determining the level of risk for a certain incident scenario?
The level of risk should be determined for all relevant incident scenarios. The estimated risk is a combination of the likelihood of an incident scenario and its consequences.
6. What is the aim of the risk prioritization process?
Risk prioritization is the process of identifying risks that are likely to have a great impact on the organization. It supports decision-making by considering possible responses to various risks.
7. What is the role of the DPO in risk treatment?
The role of the DPO in risk treatment is to help the organization determine which risk treatment option to choose to address the identified risk.
8. What are residual risks?
Residual risks are the risks that remain in the system and that are “accepted” until they are recognized as unacceptable.
Scenario-based quiz 2: Sections 4-9
Yutosika is a consulting company. They create business and marketing plans for their clients who want to apply for grants. To provide their services, they need to process large amounts of personal information.
Following the introduction of the GDPR, the top management hired a DPO in order to transfer accountability for GDPR compliance to the DPO, and also to avoid the fines that follow a failure to designate a DPO.
Yutosika’s Quantitative Analysis Department uses an online survey platform to measure public opinion on different topics. The platform is provided by a service provider based in the US. The newly appointed DPO was asked to provide advice on how to ensure that using the platform complies with the GDPR.
Considering that the initial steps of the GDPR compliance program can be more challenging, since the DPO does not yet have full insight into the company’s data protection posture, the DPO of Yutosika initiated the process of conducting a gap analysis. A number of gaps were identified during the process and the DPO identified a range of data protection threats, but the top management was not informed.
Based on the scenario above, answer the following questions:
1. Which statement is incorrect?
The DPO is not responsible for GDPR compliance and cannot have such responsibility transferred to them, even if they agree to it.
2. Organizations that fail to designate a DPO and to whom the requirements of Article 37(1) of the GDPR apply can be subject to fines up to:
If the designation of the DPO is mandatory and the organization does not appoint one, it can be fined up to 10 million euros or up to 2% of the annual global turnover, whichever is higher.
3. Which of the following is one of the areas that Yutosika’s DPO should address when conducting the gap analysis?
The DPO is responsible for ensuring that the organization has adequate processes in place to respond to data subject requests (Articles 12-23); this is also one of the areas the DPO addresses in the gap analysis.
4. What advice would you provide to the company in order to ensure GDPR compliance when using the online survey platform, which is provided by the US-based service provider?
An agreement should be signed along with the records of processing activities in order to ensure GDPR compliance when using the online survey platform.
5. Should the DPO have informed the top management on data protection threats?
All data protection threats should be communicated to the top management. In addition, the DPO should assist and advise the top management in implementing preventive measures for data protection issues.