Regulation (GDPR) coming into effect on 25th May 2018, revealed Spiceworks’ “IT data
Snapshot” survey.
What is GDPR?
GDPR builds on the current Data Protection Act (DPA), extending the right of the individual
and forcing organisations to adhere to clear policies and procedures that protect EU citizens’
data.
The new regulations will affect all aspects of your business – this includes how IT security
teams safely store this data and effectively re-engineer breach detection. Plus, a lack of
compliance with the GDPR can lead to severe fines.
Any business that stores EU citizens’ data, regardless of whether or not they’re in the EU,
will be affected by GDPR.
Read this blog post on the 6 things you need to know about GDPR to understand how your
business is affected by GDPR and how to plan for it.
To help you prepare for your GDPR Practitioner exam and to give you an idea of the
complexities of the new GDPR regulations, we’ve included 10 official exam sample
questions that could be included on our official GDPR Practitioner course:
1. Which of the following controller/processing scenarios in principle CAN use the Public
Interest legal basis?
A. A vehicle licensing agency selling owner names and contact details to the private sector in
exchange for money
C. A registered and regulated charity receiving information from any public sector body as
part of a lawful Data Sharing Agreement
2. Where the data subject is a child, what steps must controllers take in respect of consent,
within the constraints of available technology?
A. Controllers must make best efforts to verify the consent
C. Controllers must make best efforts to request the consent in clear and plain language, in
the context of the age of the child
D. Controllers must make reasonable efforts to request the consent in clear and plain
language, in the context of the age of the child
3. "While implementing certain data subject rights the controller is NOT obliged by Article
19 to inform each third party recipient of the personal data" For which of the following
rights is that statement TRUE?
4. For purposes of a data protection impact assessment, when must the controller seek the
views of data subjects or their representatives on the intended processing?
A. Always
B. Never
C. When appropriate
5. Regarding data subjects protected by the GDPR, which of the following statements is
true?
A. The GDPR protects only people who are physically located in the EU
B. Member State laws may provide that not-for-profit bodies may bring complaints under
Articles 77, 78, and 79 in the absence of mandates from affected data subjects.
C. Any data subject has the right to mandate any not-for-profit body, organisation or
association to exercise the rights referred to in Articles 77, 78 and 79 on his or her behalf, and
to exercise the right to receive compensation referred to in Article 82 on his or her behalf.
D. Unless a Member State's laws facilitate it, a not-for-profit body cannot exercise the right to
receive compensation referred to in Article 82 on a data subject's behalf.
1. D
2. B
3. A
4. C
5. A
6. C
PECB, a leading certification body for accrediting GDPR and data protection skills, has also
provided practice exam questions.
These exam questions relate to the GDPR Foundation certification and are great examples of
what you might expect on an entry-level GDPR exam.
Possible answer
Some of the advantages that organisations gain due to GDPR implementation include:
1. More confidence in transactions between the data subjects and data processors
2. Following a single regulation
3. Setting a framework that provides reasonable assurance of privacy
4. Establishment of a trustworthy reputation in the global market
5. Maximising the possibilities to provide safe data processing services
Question 2 (5 points): Considering that the aim of General Data Protection Regulation is
to ensure a consistent level of protection for natural persons throughout the European
Union and to prevent divergences hampering the free movement of personal data, please
list at least five changes that an organisation can face due to its implementation.
Possible answer
Some of the changes that an organisation can face due to GDPR implementation include:
Question 3 (5 points): Organisations wanting to comply with the General Data Protection
Regulation shall respect the data subject rights. Please provide at least one concrete action
that would support an organisation in complying with the following rights.
Possible answer:
Documented policy that enables the data subject to request restriction of the processing
of his/her personal data if such processing is unlawful
Possible answer:
Establishment of a policy that enables the data subject to object at any time to the
processing of his/her personal data for marketing purposes
Question 4 (5 points): Please define what measures an organisation can implement to
demonstrate compliance with the following:
Security of processing
Possible answer:
1. Establish a procedure that defines what technical and organisational measures shall be
implemented to demonstrate compliance with the GDPR
2. Establish a system that assesses the appropriate level of security when processing
activities are carried out
Whether or not you got the answers right, upskill your team and prepare your business in
time with Firebrand’s accelerated 3-day GDPR Practitioner Certification - built by a former
Data Manager and Solicitor of the Supreme Courts of England and Wales.