True or False: GDPR stands for...
False: General Data Protection Regulation in force in Europe.
Name one way to protect printed documents containing personal information:
A) Leave them on your desk for easy access
B) Store them in a locked drawer or filing cabinet
C) Share them with anyone who asks
B! Storing printed documents in a locked drawer or filing cabinet helps keep personal information safe from unauthorized access.
True or False.
The right that allows you under GDPR to see what data a company holds about you is the Right to Be Nosy – Because everyone loves a good snoop!
Right of Access (Article 15 GDPR): the right of individuals to obtain information about the personal data that a company or organization holds about them. This right empowers individuals to understand what personal data is collected, how it is used, and whether it is being shared with third parties.
You receive an email from your "bank" asking for your login details. What should you do?
A) Reply with your login details—better safe than sorry, right?
B) Ignore the email and pretend it never happened (bye-bye, shady email!)
C) Channel your inner detective and call your bank to check if it's for real!
C! Channel your inner detective and call your bank. No bank will ask for your login details via email. It’s probably a phishing scam, so always double-check with the bank before you share any personal info!
“Only hackers are a risk to data security.”
Myth. Insider threats and human error are also risks.
True or False: Personal data is...
False:
From your name and phone number to your favorite cat meme and IP Address.
Basically, any information relating to an identified or identifiable natural person.
If you’re leaving your desk, what should you do with your computer?
Lock it or log out.
True or False: Under GDPR you can ask a company to delete your personal data if it’s no longer needed.
True.
The right to be forgotten, also known as the right to erasure, is a fundamental right granted to individuals under Article 17 of the GDPR. It allows individuals to request that an organization delete their personal data under specific circumstances.
You accidentally send an email containing personal data to the wrong person. What’s the first thing you should do?
A) Hope they don’t notice and move on with your day!
B) Hit “undo” and pretend it never happened!
C) Immediately inform your manager and Local Data Protection Coordinator and try to retract or correct the mistake!
C! It's important to act quickly to limit any damage and follow your company’s procedures for data breaches!
“It’s okay to use the same password for everything.”
Myth. Unique passwords should be used for each account. Using the same password for everything is like giving out all your keys to the wrong person—better safe than sorry!
What is considered "sensitive personal data" under GDPR?
A) Your email address
B) Your health data, such as medical test results
C) Your favorite color
B! Health data, such as medical test results, is considered sensitive personal data under GDPR. Examples can also include racial or ethnic origin, religious beliefs, or sexual orientation.
True or False:
In the event of a data breach involving personal data you should contact the local superhero – they’ll swoop in and save the day, right?
False. You should use the form implemented for this purpose. Contact the Local Data Protection Coordinator (LDPC) or Data Protection Officer (DPO) for additional info.
What does the GDPR’s "right to data portability" allow you to do?
A) Delete all your data
B) Move your data from one company to another
C) Restrict access to your data
B! Data portability (Article 20 GDPR) lets you take your personal data and move it to another service provider in a structured, commonly used format.
The right to data portability is one of the GDPR’s core protections, designed to empower individuals with control over their personal information.
Should you use your personal email to share work-related documents?
A) Absolutely! It’s faster, right?
B) Only if it’s a super urgent message.
C) Nope! Use your work email to keep things professional and secure.
C! Nope! Always use your work email for work-related documents to keep everything secure and professional. Your personal email is not equipped with the same security protections!
Myth or Fact:
It’s okay to use the same password for everything. Sharing is caring, right? Just let everyone know your password!
Myth. Unique passwords should be used for each account. In particular, passwords used for personal purposes should be different from those used in a professional context.
True or False:
The GDPR only applies to companies based in the European Union.
False. The GDPR applies to any company that processes the personal data of people in the EU, even if the company is based outside the EU.
True or False:
Under GDPR, Unilabs has plenty of time to report a data breach to the Supervisory Authority. So, leave it until after you finish binge-watching your favorite show – Priorities, right?
False: Unilabs has 72 hours to do so, so time is of the essence! Use the internal reporting channels to report it as soon as you become aware of a data breach.
True or False:
We use carrier pigeons to receive Data Subjects' Rights Requests.
False: We have an online form on our website and Intranet. You can contact the Local Data Protection Coordinator for more details.
You’re asked to collect personal information from customers. What’s one thing you should ensure before doing so?
A) Make sure it’s in a super cute form that everyone will love to fill out!
B) Make sure you’ve got a good reason to collect it, like a service or transaction.
C) Just collect everything because why not, right?
A! Make sure you’ve got a legitimate reason to collect the information, like fulfilling a service or legal requirement, and inform customers why the data is needed.
“Data breaches only affect companies.”
Myth. Data breaches don’t just affect companies—they can expose personal information, like your name, address, and financial details, putting individuals at risk of identity theft and fraud!