Information Security Session # 10

13 Mar

Information Security Session # 10

by Cybrone Solutions

Comments

Welcome to your Information Security Session # 10

Name

What is a potential penalty for non-compliance with GDPR?

a) A warning

b) A fine up to €10 million or 2% of global turnover

c) A public apology

d) Suspension of business operations

None

Who is primarily responsible for ensuring that data protection laws are followed within an organization?

a) The data processor

b) The data subject

c) The data controller

d) The supervisory authority

None

What does "Data Portability" mean under GDPR?

a) The ability to share data with others without restrictions

b) The ability to delete personal data from any system

c) The ability to move personal data between different service providers

d) The ability to modify personal data at will

None

Which of the following is a requirement for obtaining valid consent under GDPR?

a) Consent must be vague and general

b) Consent must be obtained through a clear and affirmative action

c) Consent can be implied in all cases

d) Consent cannot be withdrawn

None

What does the "Right to Rectification" allow individuals to do?

a) Correct their personal data if it is inaccurate or incomplete

b) Transfer their personal data to another company

c) Delete their personal data from all systems

d) Block access to their personal data

None

Which of the following is a legal basis for processing personal data under GDPR?

a) Consent

b) Contractual necessity

c) Legal obligation

d) All of the above

None

When should organizations have Data Processing Agreements (DPAs) with third-party vendors?

a) Only when processing health data

b) Only when the vendor has access to personal data

c) If the vendor is based outside the EU

d) It is not necessary to have a DPA

None

Which of the following best describes the concept of "data minimization"?

a) Collecting all available data to ensure sufficient information is gathered

b) Collecting only the personal data necessary for the specific purpose

c) Sharing personal data widely with third parties

d) Encrypting all data for security

None

What is required for an organization to transfer personal data to a third country outside the EU?

a) No specific requirements are necessary

b) The third country must have an adequacy decision from the EU

c) The data subject must consent to the transfer

d) The organization must encrypt the data before transferring

None

10.

What is the timeframe for organizations to report a data breach to the relevant supervisory authority?

a) Within 48 hours

b) Within 72 hours

c) Within 5 days

d) Within 14 days

None

11.

What right allows individuals to know if their personal data is being processed by an organization?

A) Right to erasure

B) Right to access

C) Right to rectification

D) Right to data portability

None

12.

What does the "Right to be Forgotten" allow individuals to do?

A) Correct incorrect personal data

B) Request deletion of their personal data in certain cases

C) Access all their personal data at any time

D) Share their data freely with any third party

None

13.

How many articles are there in the GDPR regulation?

A) 50

B) 80

C) 99

D) 120

None

14.

Which of the following is not a key principle of GDPR?

A) Data minimization

B) Purpose limitation

C) Data monetization

D) Integrity and confidentiality

None

15.

What is a key requirement for organizations in terms of data security under GDPR?

a) They must encrypt all personal data

b) They must prevent all third-party access to data

c) They must implement appropriate technical and organizational measures to ensure data protection

d) They must delete data every 30 days

None

16.

What does the principle of "Data Protection by Design" require organizations to do?

a) Collect only the data needed for the processing

b) Ensure data protection is incorporated into systems and processes from the start

c) Share data with third parties without restrictions

d) Only process data with user consent

None

17.

What type of data is considered "special category" data under GDPR?

a) Email address

b) Phone number

c) Health data

d) Job title

None

18.

What is the maximum fine for the most severe violations of GDPR?

a) €10 million or 2% of global turnover

b) €50 million

c) €20 million or 4% of global turnover

d) €1 million

None

19.

GDPR applies to organizations based in which of the following regions?

A) Only the European Union

B) Only the United States

C) Only the United Kingdom

D) Organizations based in the EU and outside the EU offering goods/services to EU residents

None

20.

Which of the following rights allows individuals to prevent organizations from processing their personal data for certain purposes?

a) Right to object

b) Right to access

c) Right to erasure

d) Right to rectification

None

Thank you for the Quiz, Kindly check your email for the result.
Good Luck!