General Concepts of GDPR
1. What does GDPR stand for?
A) General Data Privacy Regulation
B) General Data Protection Regulation ✅
C) Global Data Protection Rights
D) General Digital Privacy Rules
2. When did GDPR come into effect?
A) May 25, 2018 ✅
B) January 1, 2020
C) December 15, 2017
D) June 5, 2019
3. Which organization enforces GDPR?
A) United Nations
B) European Union ✅
C) World Trade Organization
D) International Data Security Association
4. GDPR applies to companies that handle personal data of individuals from which region?
A) European Union ✅
B) United States
C) Asia
D) Africa
5. What is the primary objective of GDPR?
A) To protect the personal data and privacy of EU citizens ✅
B) To regulate social media
C) To prevent data storage in cloud servers
D) To standardize cybersecurity laws globally
6. Which type of data is protected under GDPR?
A) Only financial data
B) Only medical records
C) Any personal data ✅
D) Only passwords
7. What is the legal basis for processing personal data under GDPR?
A) Consent or legitimate interest ✅
B) Verbal approval
C) Data monetization
D) Free data sharing
8. Who does GDPR apply to?
A) Only EU-based companies
B) Any organization processing EU citizens' data ✅
C) Only government organizations
D) Only large multinational companies
9. What is the meaning of "Data Subject" under GDPR?
A) The individual whose data is being processed ✅
B) The company processing the data
C) The government agency storing data
D) The IT administrator in an organization
10. What does "right to be forgotten" mean in GDPR?
A) Individuals can request deletion of their personal data ✅
B) Companies can store user data permanently
C) Governments can delete data of criminals
D) Organizations can keep data for legal use
Key Principles of GDPR
11. How many key principles does GDPR have?
A) 6
B) 7 ✅
C) 5
D) 10
12. Which of the following is NOT a principle of GDPR?
A) Data minimization
B) Accountability
C) Data profitability ✅
D) Lawfulness, fairness, and transparency
13. What does "data minimization" mean in GDPR?
A) Collecting only necessary personal data ✅
B) Storing maximum data for analytics
C) Encrypting all stored data
D) Keeping data for a lifetime
14. What is the principle of "purpose limitation"?
A) Data should be used only for the purpose collected ✅
B) Data can be used for multiple purposes
C) Data should never be deleted
D) Data should be stored permanently
15. What is "accountability" in GDPR?
A) Organizations must prove compliance ✅
B) Governments must regulate data
C) Users must encrypt their data
D) AI must monitor data privacy
Rights of Data Subjects
16. How many rights do data subjects have under GDPR?
A) 5
B) 6
C) 8
D) 9 ✅
17. Which right allows users to access their personal data?
A) Right to data portability
B) Right of access ✅
C) Right to rectification
D) Right to be forgotten
18. What is the "right to rectification"?
A) Users can correct inaccurate personal data ✅
B) Users can delete their data
C) Users can prevent data sharing
D) Users can encrypt their data
19. What is "data portability" under GDPR?
A) Users can transfer their data from one provider to another ✅
B) Users can delete all their data
C) Users can store data in multiple formats
D) Users can encrypt their data
20. How long does a company have to respond to a GDPR data request?
A) 7 days
B) 14 days
C) 30 days ✅
D) 60 days
GDPR Compliance and Violations
21. What is the maximum fine for GDPR non-compliance?
A) €10 million
B) €20 million or 4% of global turnover ✅
C) €1 million
D) €50 million
22. Who is responsible for GDPR compliance within an organization?
A) CEO
B) Data Protection Officer (DPO) ✅
C) IT Manager
D) HR Department
23. What is "data breach notification" under GDPR?
A) Companies must inform authorities within 72 hours of a breach ✅
B) Companies can delay reporting
C) Companies must delete all user data
D) Companies can inform only affected users
24. What happens if an organization violates GDPR?
A) Heavy fines and legal actions ✅
B) Warning only
C) No action taken
D) Temporary suspension of business
25. Who enforces GDPR penalties?
A) Data Protection Authorities (DPA) ✅
B) World Trade Organization
C) Interpol
D) European Parliament
Data Processing & Security under GDPR
26. What is "data encryption" under GDPR?
A) Converting data into a secure format ✅
B) Storing data in multiple locations
C) Deleting unnecessary data
D) Selling encrypted data
27. What is the role of a "Data Controller" under GDPR?
A) Determines how personal data is processed ✅
B) Provides cybersecurity training
C) Manages GDPR fines
D) Enforces penalties
28. What is the role of a "Data Processor" under GDPR?
A) Processes data on behalf of the controller ✅
B) Creates new GDPR policies
C) Manages cybersecurity laws
D) Prevents all data breaches
29. When is a Data Protection Impact Assessment (DPIA) required?
A) When processing high-risk personal data ✅
B) When collecting marketing data
C) When data is encrypted
D) When data is stored in the cloud
30. What does GDPR say about automated decision-making?
A) Users have the right to request human intervention ✅
B) Companies can automate without restrictions
C) AI must make all GDPR-related decisions
D) Automated decisions do not require justification
Additional GDPR Topics
31. What does GDPR say about children's data?
A) Requires parental consent for users under 16 ✅
B) No special rules apply
C) Only applies to children under 10
D) Allows unrestricted data collection
32. What is a "privacy policy" under GDPR?
A) A document explaining how data is collected and used ✅
B) A security software
C) A government regulation
D) A user contract