Data Protection Basics
Data Protection Basics Part 2
Data Breach
Personal & Sensitive Personal Data
Data Protection Principles - Scenarios
100

Who is responsible for data protection at St Christopher’s School?

A). Data Compliance Officer; B). IT Department; C). Teachers; D). All staff

D). All staff

100

What does the acronym GDPR stand for? 

General Data Protection Regulations

100

What is the name of the data protection authority in Bahrain?

Personal Data Protection Authority (PDPA)

100

Marketing@abcbank.com 

This is an example of personal data. 

True or false?

False 

100

A school holds on to the personal data of all former students indefinitely, even when it no longer needs the data for any educational purpose. Which data protection principle is being violated?

A). Purpose limitation; B). Storage limitation; C). Accuracy; D). Lawfulness, fairness, and transparency

B). Storage limitation

200

When should we monitor and protect personal data during the School year?

A). At the start of the year 

B). At the end of the year 

C). Ongoing, throughout the year

D). Whenever a data breach occurs

C). Ongoing, throughout the year

200

A parent of a student named Emily requests to see all the personal data the School holds about Emily (including her grades, attendance records, health / disciplinary information). Which data subject right is Emily’s parent exercising?

A). Right to erasure; B). Right to rectification; C). Right of access; D). Right to object

C). Right of access

200

Do all data breaches need to be reported to the Authority?

No. Only breaches likely to result in a risk to the rights and freedoms of natural persons need to be reported to the Authority. But all data breaches must be recorded internally (including a record of how the breach was assessed).

200

CCTV footage is an example of personal data. 

True or false?

True

200

A school stores students' personal data, including health records, in an online system. However, the system lacks security measures, making it easy for unauthorized users to access sensitive information. Which data protection principle is the school violating?

A). Integrity and confidentiality; B). Data minimisation; C). Purpose limitation; D). Accuracy

A). Integrity and confidentiality

300

Does data protection law apply to hard copy or electronic records?

Applies to both hard copy and electronic records (any records which are maintained in a 'filing system')

300

This is a form of social engineering and a scam, where attackers deceive people into revealing sensitive information, or installing malware on their devices. What is this process called?


Phishing

300

How many hours do we have to report a data breach to the Authority?

A). 24 hours; B). 36 hours; C). 48 hours; D). 72 hours

D). 72 hours

300

An anonymous customer feedback survey is an example of personal data.

True or false?

False

300

A school collects students’ personal data, such as names, addresses, and health information, when they enrol. However, the School does not inform the parents about how the data will be used or that it will be shared with third-party vendors. Which data protection principle is the school violating?

A). Integrity and confidentiality; B). Purpose limitation; C). Lawfulness, fairness, and transparency; D). Data minimisation

C). Lawfulness, fairness, and transparency

400

Does simply being able to access the data (data accessible to you on your drive / in your possession) also fall under the definition of ‘processing personal data’?

A). Yes; B). No 

Yes! 

400

These are small text files that websites place on your device as you are browsing. They are the primary tool that advertisers use to track your online activity so that they can target you with highly specific ads. What are these files called?


Cookies

400

This American whistleblower and former NSA intelligence contractor leaked classified documents revealing the existence of mass surveillance programs in the US in 2013.

Edward Snowden

400

Location data is an example of personal data. 

True or false?

True

400

A school asks for the names, home addresses, phone numbers, and detailed family income records of all students applying for a scholarship. However, only the students’ grades and household income range are necessary for the scholarship application. Which data protection principle is the school violating?

A). Accuracy; B). Integrity and confidentiality; C). Data minimisation; D). Storage limitation

C). Data minimisation

500

What does the acronym PDPL stand for?

Personal Data Protection Law 

500

The process of converting information / data into a code that only authorised parties can decode. This is an example of a security control that can be applied to personal data. What is the process called?

 

Encryption

500

In 2023, the Irish Data Protection Commission imposed a historic fine of €1.2 billion on this US technology social media company for transferring personal data of European users to the US without adequate data protection mechanisms. I bet they didn't 'like' that much! 

Meta / formerly known as Facebook

500

Provide 3 examples of sensitive personal data. 

Examples could include: Race / ethnic origin, nationality, religion, political / philosophical beliefs, trade union memberships, health data, criminal data, biometric data, etc.

500

A school collects students' information for the purpose of managing class schedules. Later, without informing parents, the school decides to use the same data for targeted advertising for an upcoming fundraiser. Which data protection principle is being violated?

A). Accuracy; B). Purpose limitation; C). Data minimisation; D). Storage limitation

B). Purpose limitation
