GDPR - Certified Data Protection Officer (CDPO) Quiz Questions and Answers

Answer :
  • An approach that implements data protection from the beginning

Explanation :

The objective of data protection by design and by default is to create systems and services that minimize data through settings that are data protection-friendly. According to the GDPR, the controller should adopt internal policies and implement measures that, inter alia, minimize the processing of personal data and pseudonymize personal data as soon as possible. Therefore, according to data protection by design and by default, personal data should be automatically protected in any IT system or business practice from the start, so that users do not have to configure the product, service, or application themselves to meet their data protection needs.
Answer :
  • 48 hours

Explanation :

48 hours. You should report a data breach as soon as you can, but have a maximum of 48 hours to do so. Complete a data breach report form (available on the website) and email it to dataprotection@girlguiding.org.uk at Girlguiding HQ. If you can’t find the form, email or call the Data Protection team (020 7834 6242, extension 3060). If you’re not sure what’s happened or whether what you’ve found is a data breach, the rule is: If in doubt, report – it’s better to over-report than under-report. You will still report, even if you were able to get the data back, as Girlguiding HQ must, by law, keep a record of all actual and potential breaches.
Answer :
  • Send the forms of the injured girl to the Insurance team at Girlguiding HQ and destroy the rest securely once Girlguiding HQ has confirmed receiving the girl’s forms

Explanation :

Send the forms for the girl who was injured to the Insurance team at Girlguiding HQ and destroy the rest of the forms securely once Girlguiding HQ has confirmed receiving them. (Also send the team the Risk Assessment form, if there is one.) Remember the golden rule: if you don’t actively need it for a specific purpose, destroy it securely. At Girlguiding, we only need to keep personal data when the law requires us to do so. There’s only a minimum amount of personal data that needs to be kept by units. This includes unit financial records and risk assessments.
Answer :
  • FALSE

Explanation :

It is not advisable to assign both the CISO and the DPO roles to one individual. The CISO is responsible for implementing policies, processes, and procedures to comply with the GDPR, for IT solutions that support business objectives, for data protection by design and by default principles, and for coordinating data protection activities. The DPO, on the other hand, is responsible for monitoring those policies, processes, and procedures to ensure compliance with the GDPR.
Answer :
  • Notify the supervisory authority about the internal audit results

Explanation :

Tasks of the DPO in data protection internal audits include: documenting the GDPR compliance gaps; auditing all the processing of personal data in the organization; providing the necessary advice to help the organization follow up on nonconformities in data protection; and helping the organization prepare for other audits, including inspections conducted by auditors mandated by the controller or data protection audits conducted by the supervisory authority.
Answer :
  • Activities related to critical processes that enable the organization to achieve its data protection performance objectives

Explanation :

It is recommended to focus on monitoring and measuring activities that are linked to critical processes that enable the organization to achieve its data protection performance objectives. Critical activities are the key operations that assist an organization in achieving its objectives. For instance, the critical activity of a hospital is to provide healthcare services, but another critical activity is also to process patients’ health data.