
Audit model: E-Learning - GDPR Awareness - Level 1

Test your knowledge of the General Data Protection Regulation (GDPR). Through this questionnaire, you can quickly assess your level of knowledge and participate in the obligation to train key people on the subject of personal data protection.

1. General

1.1. When did the GDPR come into force?
1.2. What is the purpose of the GDPR?
1.3. Who is affected by the GDPR?

2. Personal data and the processing of personal data

2.1. What is personal data?
2.2. Does encrypted data remain personal data?
2.3. Encrypted data remains personal data?
2.4. Anonymised data remains personal data?
2.5. Pseudonymised data is still personal data?
2.6. What is personal data processing?
2.7. Can personal data collected for data processing be retained for an unlimited period of time?

3. The different roles

1. DPO

1.1. What is a DPO?
1.2. What is the role of the DPO?
1.3. The DPO is necessarily a lawyer or jurist?
1.4. Is the appointment of a DPO always mandatory?
1.5. In which case(s) is the appointment of a DPO compulsory?

2. Data controller

2.1. What is a controller?
2.2. Can there be several controllers for the same processing operation?

3. Subcontractor

3.1. What is a subcontractor?
3.2. The subcontractor must set up a register of its processing operations?

4. Recipients

4.1. What is a recipient in a personal data processing operation?
4.2. Can a subcontractor be a recipient of personal data?

4. The purposes and legal bases of the processing

4.1. Can a personal data processing operation have several purposes?
4.2. Is it possible to indicate several legal bases for the purpose of data processing?
4.3. Is it possible to further process personal data from an initial processing for other purposes?

5. Transfers outside the EU

5.1. The GDPR lays down the fundamental principle that any transfer of personal data outside the EU/EEA is prohibited
5.2. Are there any justifications for controllers and processors to transfer data outside the European Union (EU) and the European Economic Area (EEA)?
5.3. What legal tools can be used to regulate transfers?
5.4. Should transfers be listed in the processing register?

6. Data subject rights requests

6.1. Who is concerned by the exercise of rights?
6.2. Companies or organisations processing personal data have an obligation to facilitate the exercise of rights?
6.3. What is the deadline for responding to a request to exercise a right?
6.4. Can the time limit for responding to a request to exercise a right be increased?

7. Data breaches

7.1. What is a data breach?
7.2. Who is affected by data breaches?
7.3. What is the maximum time limit for the data controller to notify the data protection authorities in the event of a data breach?
7.4. Should data subjects affected by the data breach be informed of the data breach?
7.5. In the event of high risk, is it possible to waive the obligation to inform the persons concerned?

Created at: 2023-09-11T07:37:18.0833268

Updated on: 2023-10-16T09:06:40.9034436

License: © Creative Commons: Attribution / Non-commercial use (CC-BY-NC)

Author: Paul-Emmanuel Bidault

Uses: 6
