How To Comply
Individual Rights
Are you cooked?
100

Your security team finds records of a data breach affecting half of your user base. To comply with GDPR, you should...

Alert the affected users within 3 days.

100

A user wants to know what their data is being used for. They are exercising their right to...

Be informed.

100

A security audit company finds that you do not request permission to track the user with cookies. Are you in violation of the GDPR?

Yes. You must ask permission to assign users tracking cookies.

200

Your company has grown from a small firm to a conglomerate in the last 2 years. What position should you be hiring to comply with GDPR?

A DPO (Data Protection Officer).

200

A user requests that you update a piece of their information that has recently changed. They are exercising their right to...

Correct.

200

A user has consented to you logging their IP address, name, and usage statistics. You use this information, in combination with a list provided by a local internet service provider, to find their address. Are you in violation of the GDPR?

Yes. They did not consent to you processing their address.

300

A user whose personal information you process informs you that they have had their name legally changed. What should you do?

Change your data to reflect their new name.

300

A user requests that you don't use their data to advertise to them. They are exercising their right to...

Object.

300

You have experienced a security breach because you have default passwords set on all of your router gateways. No personal data was leaked. Are you in violation of the GDPR?

Yes; you have not taken reasonable security measures (changing the default password) to prevent a breach.

400

Your company has written a program that processes some users' activity data and generates a daily activity report. Every time your program runs, it should...

Generate a log documenting what data was processed and when.

400

A user requests that you do not use their data to train AI models. They are exercising their right to...

Restrict.

400

You've written a program that processes user data and writes a log to the company servers every week. You have a major security incident and lose all of the data on your servers, as well as your backups. A week later, you have a security audit conducted and they ask you to show which data the program has processed. You no longer have those files. Are you in violation of the GDPR?

Yes, because you cannot demonstrate you are following the other GDPR principles.

500

Your website saves a small file to the user's web browser so you can know who they are next time they visit. You want to comply with GDPR. Before you leave them the file, you should do what?

Explicitly ask for consent.

500

A user asks that you send them a .zip file containing all the data you have collected concerning them. They are exercising their right to...

Request.

500

You own a small business with security cameras inside your shop. A person walks into your shop, browses, then trips and falls flat on their face. They demand you delete the recording. You tell them they should have read the sign outside saying there are security cameras. They leave, and a week later their lawyer serves you a lawsuit. Are you in violation of the GDPR?

No. Walking into the shop with the sign out front is a form of consent to being recorded, and recording your shop to prevent theft is a legitimate interest.