GDPR Basics
Keep data safe
Data Subject Rights
Real-Life Scenarios
Myths or facts?
100

What does GDPR stand for?

General Data Protection Regulation

100

Name one way to protect printed documents containing personal information.

Store them in a locked drawer or shred them when no longer needed.

100

What right allows you to see what data a company holds about you?

Right of Access.

100

You receive an email from your "bank" asking for your login details. What should you do?

Do not reply and report it as a phishing attempt.

100

“Only hackers are a risk to data security.”

Myth. Insider threats and human error are also risks.

200

Name one of the main purposes of the GDPR.

To protect personal data for EU residents.

200

True or False: I should reuse my password on different websites, especially a password used for professional purposes.

False.

200

What can you ask a company to do if your personal data is incorrect?

Correct or update it.

200

You’re working from home, and your roommate asks about some company data on your screen. What do you say?

Politely explain that you can’t share work-related information.

200

“If I delete an email, the data is completely gone.”

Myth. Data might still be recoverable from backups.

300

What is considered "personal data" under the GDPR?

Any information relating to an identified or identifiable natural person. Examples include name, email address, phone number, or home address. 

300

If you’re leaving your desk, what should you do with your computer?

Lock it or log out.

300

True or False: You can ask a company to delete your personal data if it’s no longer needed.

True.

300

You accidentally send an email containing personal data to the wrong person. What’s the first thing you should do?

Report it to your manager and Local Data Protection Coordinator immediately.

300

“It’s okay to use the same password for everything.”

Myth. Unique passwords should be used for each account.

400

What is considered “sensitive personal data” under GDPR? (Name one example.)

Examples include health data, racial or ethnic origin, religious beliefs, or sexual orientation.

400

Who should you notify in the event of a data breach involving personal data?

Your Local Data Protection Coordinator (LDPC) and the Group Data Protection Officer (DPO).

400

What right permits data subjects to move their data between controllers?

Right to Data Portability.

400

Should you use your personal email to share work-related documents?

No, only use approved work channels.

400

“Sharing data internally in the company doesn’t need permission.”

Myth. Data sharing should still be for valid purposes.

500

Name one thing you should not do with personal data.

Share it with others without permission or store it in insecure locations.

500

Within how many hours must a data breach be reported to the Supervisory Authority?

72 hours.

500

Do we have a Data Subject's Rights Request form?

Yes, we do. Check our institutional website and Intranet. Also, you can contact your Local Data Protection Coordinator and Group DPO.

500

You’re asked to collect personal information from customers. What’s one thing you should ensure before doing so?

Make sure you have a legitimate reason and inform them why the data is needed.

500

“Data breaches only affect companies.”

Myth. Individuals can also be affected and lose personal information.
