GDPR Basics
True or False: GDPR applies only to companies inside the EU
False. GDPR applies to any company processing the data of EU residents, regardless of where the company is based.
True or False: Anonymized data is exempt from GDPR.
True. Anonymized data, which cannot be used to identify a person, is exempt from GDPR.
True or False: The GDPR allows individuals to request the deletion of their personal data if they withdraw consent for its use.
True. (Individuals have the right to request deletion under certain circumstances.)
True or False: Employees must be trained on GDPR compliance and data protection measures regularly.
True. Ongoing training is essential for compliance and ensuring all staff understand their responsibilities.
What does GDPR stand for?
General Data Protection Regulation
How should data analysts approach consent for using personal data?
A) Assume consent is given unless explicitly denied
B) Obtain clear and explicit consent from individuals before processing their data
C) Use personal data for analysis without informing individuals
B) Obtain clear and explicit consent from individuals before processing their data.
Which of the following is NOT a right granted to individuals under GDPR?
A) Right to access
B) Right to erasure
C) Right to data portability
D) Right to financial compensation for data breaches
D) Right to financial compensation for data breaches.
True or False: GDPR compliance is solely the responsibility of the legal department.
False. Compliance is a collective responsibility involving multiple departments, including marketing, legal, and data analytics.
True or False: Data subjects have the right to request that their personal data be deleted.
True: This is the right to erasure, also known as the "right to be forgotten."
When analysing customer data, which GDPR principle must data analysts be particularly mindful of to ensure compliance?
A) The principle of data minimisation
B) Retain the processed data sets to refer back if someone queries your analysis
C) Don't use open source tools like Python / R and keep to well supported software such as Power BI and Microsoft SQL Server
A) The principle of data minimization—ensuring that only the necessary data is collected and analysed
Which company was fined €50 million by the French data protection authority in 2019 for failing to comply with GDPR transparency requirements?
A) Facebook
B) Google
C) Amazon
B) Google
True or False: Password-protecting data is sufficient to comply with GDPR's security measures
False. Password protection alone is not enough; GDPR requires appropriate technical and organizational measures, such as encryption, access controls, and regular audits.
True or False: GDPR requires businesses to report data breaches within 24 hours.
False. Businesses must report data breaches within 72 hours of becoming aware of the breach.
How should data analysts document their processing activities to comply with GDPR?
A) They should keep informal notes in a personal diary
B) Maintain a formal record of processing activities, including data types, purposes, and retention periods
C) Document only when requested by management
B) Maintain a formal record of processing activities, including data types, purposes, and retention periods.
Which social media platform faced a GDPR-related inquiry in 2020 regarding its handling of user data?
A) Instagram
B) TikTok
C) Twitter
B) TikTok
True or False: Encryption of personal data is required under GDPR.
False. Encryption is recommended but not explicitly required in every situation under GDPR.
What is the primary objective of GDPR?
A) To protect the rights of EU citizens regarding their personal data
B) To regulate how companies use customer data for marketing
C) To impose fines on companies that misuse data
Answer: A) To protect the rights of EU citizens regarding their personal data
You are asked to analyze data from a customer survey that includes personal information. What steps would you take to ensure compliance with GDPR?
A) Analyze the data without restrictions as long as it's for internal use
B) Remove personal identifiers and ensure you have consent from respondents to use their data
C) Use the data as long as you inform management about its use
B) Remove personal identifiers and ensure you have consent from respondents to use their data.
What percentage of businesses reported a positive impact on customer trust after implementing GDPR-compliant practices?
A) 25%
B) 50%
C) 75%
C) 75%. (Many companies found that complying with GDPR helped build customer trust.)
Companies can share personal data with third parties without any GDPR compliance checks as long as the data is anonymized
False. Anonymization must be done correctly, and sharing requires careful consideration of GDPR principles and checks.