Which of the following would NOT be relevant when determining if a processing activity would be considered profiling?

• A.If the processing involves data that is considered personal data
• B.If the processing is used to predict the behavior of data subjects
• C.If the processing is to be performed by a third-party vendor
• D.If the processing of the data is done through automated means

Comment: *

Name: *

Email: *

Verification: *

The GDPR specifies fines that may be levied against data controllers for certain infringements. Which of the following infringements would be subject to the less severe administrative fine of up to 10 million euros (or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year)?

• A.Failure to demonstrate that consent was given by the data subject to the processing of their personal data where it is used as the basis for processing.
• B.Failure to process personal information in a manner compatible with its original purpose.
• C.Failure to implement technical and organizational measures to ensure data protection is enshrined by design and default.
• D.Failure to provide the means for a data subject to rectify inaccuracies in personal data.

Comment: *

Name: *

Email: *

Verification: *

When would a data subject NOT be able to exercise the right to portability?

• A.When the processing is necessary to perform a task in the exercise of authority vested in the controller.
• B.When the processing is carried out pursuant to a contract with the data subject.
• C.When the data was supplied to the controller by the data subject.
• D.When the processing is based on consent.

Comment: *

Name: *

Email: *

Verification: *

You are the new Data Protection Officer for your company and have to determine whether the company has implemented appropriate technical and organizational measures as required by Article 32 of the GDPR. Which of the following would be the most important to consider when trying to determine this?

• A.How the public perceives what constitutes adequate security measures
• B.Which kinds of security measures your company has employed in the past
• C.How security measures might evolve in the future
• D.Which security measures are endorsed by a majority of experts.

Comment: *

Name: *

Email: *

Verification: *

A company in France suffers a robbery over the weekend owing to a faulty alarm system. When it is determined that the break-in involves the loss of a substantial amount of data, the company decides on a CCTV system to monitor for future incidents. Company technicians install cameras in the entrance of the building, hallways and offices. Footage is recorded continuously, and is monitored by the home office in the United States. What is the most realistic step the company could take to address their security concerns and comply with the personal data processing principles set out in Article 5 of the GDPR?

• A.Retain captured footage for no more than 30 days.
• B.Have cameras recording during work hours only.
• C.Seek informed consent from company employees.
• D.Restrict camera placement to building entrances only.

Comment: *

Name: *

Email: *

Verification: *