Definitions
Principles
Practical Stuff
Data Stuff
Compliance
100

What does GDPR stand for?

General Data Protection Regulations

100

How many principles are there in GDPR?

6 Principles

100

How long do we have following a Data Breach to inform the ICO?

72 Hours

100

Who is the ICO?

Information Commissioner's Office

100

What should I do if I know I've breached Client's Data?

Tell your DPO, ensure Compliance know as they need to report within 72 hrs.


If you don't, you've breached our Data Policy and could be subject to disciplinary

200

The date that GDPR comes into force

25th May 2018

200

What Article number are the Principles contained in?

Article 5

200

When we print a duplicate document letter off the printer - where should we put the copy not being sent or placed on file?

Always the shredder.....never the bin

200

What's the maximum fine that can be made for Data breaches?

Up to 2% of their annual worldwide revenue, or €10 million, whichever is higher.

For more serious breaches it's 4% or 20m Euro


200

Can I work on the bus or train on the way to work?

Yeah, but you must be sure that it's safe to do so and that client's data is fully safeguarded.

300

What type of Data is a date of birth... personal or sensitive?

Personal

300

Does Google comply with GDPR?

Rarely

300

Is internal communication covered under GDPR?

Yeah......if it can identify the client.  (ps. Could be their ref...not necessarily their name that identifies them)

300

Do you have to tell your client where you are sending their data if you outsource to India for data cleaning?

Yep! 

300

Which is a better way to keep your client's data private? 

Use an anonymous reference number and keep that reference number in a separate file OR 

Use a code name that ONLY you understand

Anonymous reference number

400

What's a SAR?

Subject Access Request

400

Does the US have to comply with GDPR rules?

Yep! All EU citizens are protected. Doesn't matter what soil they're on. 

400

You should only lock your screen when you go away from your desk for more than 30 mins?

No, in theory it's every time you are away from your desk.

400

What happens if you copy your work files onto your personal computer?

Double, double toil and trouble, fire burn and cauldron bubble

400

The person/organization responsible for the purpose and manner in which the data is processed. They also have responsibility for looking after the Data. 

They are defined as the .....?

Data Controller

500

Under GDPR, when we use a lawyer...are they a Data Controller or Processor?

Data Controller

500

GDPR is...

Consumer or Business Centric?

Consumer centric 

500

Can you leave detailed messages on a Customer's voicemail?

No...as you don't know who's going to pick the message up!

500

Should Client's data be always up to date on our systems?

Yes....it's one of the 6 Principles.

500

A person (other than an employee of the data controller) who processes the data on behalf of the data controller. 

Data Processor
