Exercices

To check your knowledge you can answer the following questions and you immediately get the answer.

Feel free to try and even start again if you don't find the right answer at your first try.

The survey is anonymous and no individual record of your answers will be saved.

1. Since when has the protection of personal data become an obligation for companies in Europe?

  • A : 25th of may 2018.
  • B : 6th of january 1978.
  • C : 24th of october 1995.

2. What is the main principle of the GDPR?

  • A : Give more rights to companies regarding the use of personal data.
  • B : Giving people back control over their personal data and helping them to better enforce their rights.
  • C : Promote the use of digital tools for better data protection.

3. If the Elior Group does not comply with the GDPR, the Group risks a fine of up to?

  • A : 2 or 4% of global sales worldwide.
  • B : 2 to 4% of turnover excluding subsidiaries.
  • C : 50 million euros.

4. Can all the following data be considered as personal data (business email address, social security number, IP address)?

  • A : Yes.
  • B : Yes, except for the professional email address.
  • C : No, there is no personal data.

5. In the list below, what data is considered "sensitive" according to the French Data Protection authority?

  • A : Pork-free meal.
  • B : Salt-free meal.
  • C : «  Hallal » or « casher » meal.
  • D : All the above.

6. What are the legal bases that can justify the processing of personal data?

  • A : The consent.
  • B : The contract.
  • C : All mentioned.

7. A client with aggressive behavior and it is legitimate that the information is known to all. What comment is to be avoided?

  • A : The client went crazy.
  • B : Difficult exchange with the customer.
  • C : Risk of violence in the event of home travel.

8. Among the proposals below, which is a request for access right in accordance with the GDPR ?

  • A : Mail from a client requesting access to its data via its client area.
  • B : Mail from a customer requesting access to his/her data + copy of an identity document.
  • C : The above two proposals are in accordance with the GDPR.

9. What types of processing does the GDPR apply to?

  • A :  The processing of personal data in digital format.
  • B :  Processing of personal data in paper format.
  • C : Both types of processing are concerned.

10. Under the GDPR, the controller is he systematically responsible for the failures of his subcontractor?

  • A : Yes, it is the controller who bears all the responsibility
  • B : Yes, responsibility is shared.
  • C : No, the subcontractor has its own responsibility.

11. Is the consent of the person concerned systematically necessary before the processing of personal data?

  • A : Yes, without consent it is not possible to collect the personal data of people.
  • B : No, consent is not required for all processing operations.

12. What are the elements to be taken into account in order to determine whether the GDPR is applicable to a data processing operation?

  • A : The location of the data processing operation.
  • B : The nationality of the persons concerned.
  • C : All the suggestions.