Company X has entrusted the processing of their payroll data to Provider
Y. Provider Y stores this encrypted data on its server. The IT department of Provider Y finds out that someone managed to hack into the system and take a copy of the data from its server. In this scenario, whom does Provider Y have the obligation to notify?

• A.The public
• B.Company X
• C.Law enforcement
• D.The supervisory authority

Comment: *

Name: *

Email: *

Verification: *

Under the GDPR, which essential pieces of information must be provided to data subjects before collecting their personal data?

• A.The contact information of the controller and a description of the retention policy.
• B.The name/s of relevant government agencies involved and the steps needed for revising the data.
• C.The authority by which the controller is collecting the data and the third parties to whom the data will be sent.
• D.The identity and contact details of the controller and the reasons the data is being collected.

Comment: *

Name: *

Email: *

Verification: *

Which GDPR requirement will present the most significant challenges for organizations with Bring Your Own Device (BYOD) programs?

• A.Data subjects must be sufficiently informed of the purposes for which their personal data is processed.
• B.Processing of special categories of personal data on a large scale requires appointing a DPO.
• C.Personal data of data subjects must always be accurate and kept up to date.
• D.Data controllers must be in control of the data they hold at all times.

Comment: *

Name: *

Email: *

Verification: *

Which change was introduced by the 2009 amendments to the e-Privacy Directive 2002/58/EC?

• A.A voluntary notification for personal data breaches applicable to electronic communication providers.
• B.A mandatory notification for personal data breaches applicable to all data controllers.
• C.A voluntary notification for personal data breaches applicable to all data controllers.
• D.A mandatory notification for personal data breaches applicable to electronic communication providers.

Comment: *

Name: *

Email: *

Verification: *

When is data sharing agreement MOST likely to be needed?

• A.When personal data is being proactively shared by a controller to support a police investigation.
• B.When personal data is being shared between commercial organizations acting as joint data controllers.
• C.When anonymized data is being shared.
• D.When personal data is being shared with a public authority with powers to require the personal data to be disclosed.

Comment: *

Name: *

Email: *

Verification: *