EMT Practice Test

1. Question Content...


Question List

Question1: Which action is considered processing of personal data where the GDPR applies?

Question2: A controller is processing personal data based on consent of the data subjects. There are no other legitimate grounds. While processing, the controller discovers that a data subject whose consent for the processing had been received, has died since.
What, according to the GDPR, will be the consequences for the controller with regard to the processing?

Question3: While paying with a credit card, the card is skimmed (i.e. the data on the magnetic strip is stolen). The magnetic strip contains the account number, expiration date, cardholder's name and address, PIN number and more.
What kind of a data breach is this?

Question4: Important technical requirements set out in the General Data Protection Regulation (GDPR) are about data quality. One is the obligation to ensure appropriate security, including protection against unauthorized or unlawful processing.
What is another important technical requirement?

Question5: An architect, leaving a building site, puts his laptop for a moment beside his car on the road, while answering his phone. When driving away he sees in the mirror his laptop being crushed by an enormous lorry driving over it. All his files on the design of the building and the calculations he worked on are lost. His only consolation is that those were the only files on the device.
In terms of the GDPR, what happened?

Question6: The GDPR states that records of processing activities must be kept by the controller. To whom must the controller make these records available, if requested?

Question7: According to the GDPR, what is the main reason to consider data protection in the initial design phase?

Question8: "The controller shall implement appropriate technical and organizational measures for ensuring that (...) only personal data which are necessary for each specific purpose of the processing are processed." Which term in the General Data Protection Regulation (GDPR) is defined?

Question9: Which cause is a data breach according to the GDPR?

Question10: According to art.33 of the General Data Protection Regulation (GDPR) the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory Authority.
What is the maximum penalty for non-compliance with this obligation?

Question11: How are the terms privacy and data protection related?

Question12: What does the principle of 'data minimization' mean?

Question13: Someone regularly receives offers from a store where he purchased something five years ago. He wants the company to stop sending offers and to wipe his personal data.
Which aspect of the rights of a data subject in the General Data Protection Regulation (GDPR) requires the company to comply?

Question14: According to the GDPR, for which situations should a Data Protection impact Assessment (DPIA) be conducted?

Question15: According to the GDPR, what is a mandatory topic in a DPIA report?

Question16: Which situation is considered a data breach according to the GDPR?

Question17: What is the role of the one assigned the responsibility to govern the purposes and means of processing personal data within an organization, according to the GDPR?