GDPR Basics
Data Analyst Responsibilities
GDPR Fun Facts
Security Measures
100

True or False: GDPR applies only to companies inside the EU

False. GDPR applies to any company processing the data of EU residents, regardless of where the company is based.

100

True or False: Anonymized data is exempt from GDPR.

True. Anonymized data, which cannot be used to identify a person, is exempt from GDPR.

100

True or False: The GDPR allows individuals to request the deletion of their personal data if they withdraw consent for its use.

True. (Individuals have the right to request deletion under certain circumstances.)

100

True or False: Employees must be trained on GDPR compliance and data protection measures regularly.

True. Ongoing training is essential for compliance and ensuring all staff understand their responsibilities.

200

What does GDPR stand for?

General Data Protection Regulation

200

How should data analysts approach consent for using personal data?

A) Assume consent is given unless explicitly denied

B) Obtain clear and explicit consent from individuals before processing their data

C) Use personal data for analysis without informing individuals

B) Obtain clear and explicit consent from individuals before processing their data.

200

Which of the following is NOT a right granted to individuals under GDPR? 

A) Right to access

B) Right to erasure

C) Right to data portability

D) Right to financial compensation for data breaches

D) Right to financial compensation for data breaches.

200

True or False: GDPR compliance is solely the responsibility of the legal department.

False. Compliance is a collective responsibility involving multiple departments, including marketing, legal, and data analytics.

300

True or False: Data subjects have the right to request that their personal data be deleted. 

True: This is the right to erasure, also known as the "right to be forgotten." 

300

When analysing customer data, which GDPR principle must data analysts be particularly mindful of to ensure compliance? 

A) The principle of data minimisation 

B) Retain the processed data sets to refer back if someone queries your analysis

C) Don't use open source tools like Python / R and keep to well supported software such as Power BI and Microsoft SQL Server

A) The principle of data minimization—ensuring that only the necessary data is collected and analysed

300

Which company was fined €50 million by the French data protection authority in 2019 for failing to comply with GDPR transparency requirements? 

A) Facebook

B) Google

C) Amazon

B) Google

300

True or False: Password-protecting data is sufficient to comply with GDPR's security measures

False. Password protection alone is not enough; GDPR requires appropriate technical and organizational measures, such as encryption, access controls, and regular audits. 

400

True or False: GDPR requires businesses to report data breaches within 24 hours.

False. Businesses must report data breaches within 72 hours of becoming aware of the breach.

400

How should data analysts document their processing activities to comply with GDPR? 

A) They should keep informal notes in a personal diary

B) Maintain a formal record of processing activities, including data types, purposes, and retention periods

C) Document only when requested by management

B) Maintain a formal record of processing activities, including data types, purposes, and retention periods.

400

Which social media platform faced a GDPR-related inquiry in 2020 regarding its handling of user data?

A) Instagram

B) TikTok

C) Twitter

 

B) TikTok

400

True or False: Encryption of personal data is required under GDPR.

False. Encryption is recommended but not explicitly required in every situation under GDPR.

500

What is the primary objective of GDPR? 

A) To protect the rights of EU citizens regarding their personal data

B) To regulate how companies use customer data for marketing

C) To impose fines on companies that misuse data

Answer: A) To protect the rights of EU citizens regarding their personal data

500

You are asked to analyze data from a customer survey that includes personal information. What steps would you take to ensure compliance with GDPR? 

A) Analyze the data without restrictions as long as it's for internal use

B) Remove personal identifiers and ensure you have consent from respondents to use their data

C) Use the data as long as you inform management about its use

B) Remove personal identifiers and ensure you have consent from respondents to use their data.

500

What percentage of businesses reported a positive impact on customer trust after implementing GDPR-compliant practices? 

A) 25%

B) 50%

C) 75%

C) 75%. (Many companies found that complying with GDPR helped build customer trust.)

500

Companies can share personal data with third parties without any GDPR compliance checks as long as the data is anonymized

False. Anonymization must be done correctly, and sharing requires careful consideration of GDPR principles and checks.

M
e
n
u