Lagstiftningen gäller företag i EU men också företag utanför EU, som hanterar persondata för EU-medborgare. Kort sagt betyder GDPR att det är ett EU-krav att alla organisationer som stämmer in på beskrivningen här under måste utse en Data Protection Officer.
- Hantering av personupplysningar av en offentlig myndighet
- "Regelbunden och systematisk övervakning av registrerade i stor skala"
- Storskalehantering av speciella data - till exempel biometriska, genetiska, lokaliseringsdata
Vi har därför utvecklat CDPO kurs som lär dig allt du behöver veta för att kunna implementera, administrera och anpassa en sekretesspolicy baserat på "General Data Protection Regulation (GDPR)" krav på din organisation - på bara 3 dagar.
Här hittar du 6 frågor rörande de officiella engelskspråkiga GDPR Test-examina.
- Which of the following controller/processing scenarios in principle CAN use the Public Interest legal basis?
A. A vehicle licensing agency selling owner names and contact details to the private sector in exchange for money
B. A company director credit checking agency republishing the contents of a Mandatory Public Register of directors which is already in the public domain publishing the names and addresses of directors on the internet
C. A registered and regulated charity receiving information from any public sector body as part of a lawful Data Sharing Agreement
D. None of the above
- Where the data subject is a child, what steps must controllers take in respect of consent, within the constraints of available technology?
A. Controllers must make best efforts to verify the consent
B. Controllers must make reasonable efforts to verify the consent
C. Controllers must make best efforts to request the consent in clear and plain language, in the context of the age of the child
D. Controllers must make reasonable efforts to request the consent in clear and plain language, in the context of the age of the child
3. "While implementing certain data subject rights the controller is NOT obliged by Article 19 to inform each third party recipient of the personal data" For which of the following rights is that statement TRUE?
A. "Non-profiling" under Article 22
B. B. Rectification under Article 16
C. Erasure / "right to be forgotten" under Article 17
D. Restriction under Article 18
4. For purposes of a data protection impact assessment, when must the controller seek the views of data subjects or their representatives on the intended processing?
A. Always
B. Never
C. When appropriate
D. When the supervisory authority requests it
5. Regarding data subjects protected by the GDPR, which of the following statements is true?
A. The GDPR protects only people who are physically located in the EU
B. The GDPR protects only EU citizens
C. The GDPR protects only EU residents
D. The GDPR protects only EU domiciliaries
6. In respect of non-profit representation of data subjects, which of the following statements is FALSE?
A. For a not-for-profit body, organisation to execute a mandate on behalf of a data subject, it must have been properly constituted in accordance with the law of a Member State.
B. Member State laws may provide that not-for-profit bodies may bring complaints under Articles 77, 78, and 79 in the absence of mandates from affected data subjects.
C. Any data subject has the right to mandate any not-for-profit body, organisation or association to exercise the rights referred to in Articles 77, 78 and 79 on his or her behalf, and to exercise the right to receive compensation referred to in Article 82 on his or her behalf.
D. Unless a Member State's laws facilitate it, a not-for-profit body cannot exercise the right to receive compensation referred to in Article 82 on a data subject's behalf.
Här är de rätta svaren.
1. D
2. B
3. A
4. C
5. A
6. C
Oavsett om du svarade rätt eller inte får du en bättre chans att klara din GDPR-examen och få den enda officiella GDPR-certifieringen från PECB.
Du kan utbildas och certifieras före jul och på bara 3 dagar Är du redo? Din tid börjar nu. Mer information här.