This multiple choice assessment focuses on the new General Data Protection Regulation (GDPR).

The purpose of the assessment is to enable you to assess the extent and depth of your knowledge of the Data Protection Law in preparation for the DPL.

Format: Multiple Choice

Time: 90 minutes

The result will be provided immediately, with details on all questions.

1) Which of the following is NOT one of the GDPR data protection principles?

2) When processing personal data under the authority of the controller or processor, a processor may process data on instructions from the controller and also:

3) What is the purpose of Pseudonymisation?

4) Company X is looking to carry out new clinical trials and is considering using study subjects from another research that they previously carried out.

Identify the MOST appropriate lawful basis for processing:

5) Which of the following Article 9 (GDPR) conditions of processing may be used to store health data after the completion of the study?

6) Which of the following would definitely not be special category data?

7) What does Data Minimisation mean?

8) "It's not enough to just follow the Regulation, you also need to PROVE that you're following the Regulation". Which Principle of the GDPR does this apply to?

9) Based on Article 5(1)(b) of the GDPR, what is the impact of the interpretation of the word 'incompatible'?

10) A research company has an email subscription scheme which allows study subjects to provide their name and email address in order to receive news about a study. Unknown to the subjects the company also sells this data to other organisations who develop medical apps. This is a breach of which Principle of the GDPR?