Which of these options is an example of a data breach?
A. Transfer of personal data outside the EU
B. Loss of personal data
C. A security incident related to corporate data.
Which of the following options is provided for in the GDPR and can be made by Member States?
A. Approve national provisions for implementation of GDPR.
B. Forcing the controller to notify the data subject of a breach.
C. Audit controller and processor safety processes.
D. Penalize controllers and processors.
How is Data Lifecycle Management (DLM) related to data protection?
A. The DLM makes it possible to create a profile of the data subject.
B. DLM manages the data flow throughout its life cycle.
C. DLM makes it possible to know the risks and plans how to mitigate them.
According to the GDPR, in what situation must data subjects always be notified of a personal data breach?
A. When personal data is processed at a facility of the processor that is not located within the borders of the EEA
B. When personal data is processed by a party that agreed to the draft processing contract but has not yet signed it
C. When the system on which the personal data is processed is attacked causing damage to its storage devices
D. When there is a significant probability that the breach will lead to a high risk for the privacy of the data subjects
A controller wants to outsource processing of personal data to a processor. What must be done before outsourcing?
A. The processor must show the controller that all demands agreed in the service level agreement (SLA) are met.
B. The controller and processor must draft and sign a written contract guaranteeing the confidentiality of the data.
C. The controller must ask the supervisory authority for permission to outsource the processing of the data.
D. The controller must ask the supervisory authority if the agreed written contract is compliant with the regulations.
What is the purpose of a data protection audit by the supervisory authority?
A. To monitor and enforce the application of the GDPR by assessing that processing is performed in compliance with the GDPR.
B. To fulfill the obligation in the GDPR to implement appropriate technical and organizational measures for data protection.
C. To advise the controller on the mitigation of privacy risks to protect the controller from liability claims for non-compliance.
According to the GDPR, when is a data protection impact assessment (DPIA) obligatory?
A. When a project includes technologies or processes that use personal data
B. When processing is likely to result in a high risk to the rights of data subjects
C. When similar processing operations with comparable risks are repeated
What is the relationship between data protection and privacy?
A. Data protection and privacy are synonyms and have the same meaning.
B. Data protection refers to the measures needed to protect a person's privacy.
C. Data protection is the part of privacy that protects a person's physical integrity.