 Search 

Dalveer  More 

DISCOVER (/discover) HOME (/feed) ME (/me) Groups (/org-groups)

 Back

Data Privacy Awareness

5 SmartCards To Pathway Home

 Previous Card Card 3/5 Next Card 

Data Privacy Quiz (Part 1) - Privacy Regulations  
Ashina Thakur  15 Feb 2023

All questions are mandatory

1. What does GDPR expand as? |  Correct

General Data Privacy Regulation

Global Data Protection Regulation

General Data Protection Regulation

Global Data Privacy Registration

2. When did GDPR come into force? |  Correct

25-Jun-18

25-May-18

26-May-18

25-May-19
3. Australia parliament extended coverage of the Privacy Act 1988 to private sector organizations
in which year? |  Correct
1995

2001

2018

2022

4. Which of the following statements best describes what the General Data Protection Regulation
is? |  Correct

An update on the Data Protection Act which means personal data can only legally be collected and
stored by companies in accordance with the GDPR.

A legal framework aimed at companies operating online in the EU, stipulating how and when
companies are able to collect personal data.

A legal framework relating to the collection, storage and usage of personal data, which applies to any
organization doing business with EU citizens.

A legal framework relating to the collection, storage and usage of personal data, which applies to any
organization based in the UK.

5. Which privacy principles states ‘Personal data shall be adequate, relevant and limited to the
purposes for which they are processed.’ |  Correct

Purpose Limitation

Data Minimization

Storage Limitation

Accuracy

6. Which privacy principle states Personal data to be kept for no longer than is necessary for the
purpose for which the personal data is processed. |  Correct

Purpose Limitation
 Data Minimization

Storage Limitation

Accuracy

7. ‘Lawfulness, Fairness and Transparency’ means? Select the correct option. |  Correct

Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data
subject.

The data controller shall be responsible for and be able to demonstrate compliance to privacy laws.

Personal data shall be accurate and, where necessary, kept up to date.

None of the above.

8. Which lawful basis does ITC Infotech use to process personal data of employees. |
 Incorrect

Consent

Contract

Legal Obligation

Legitimate Interest

9. In case of a data breach, GDPR requires the Controller notification to be sent to authorities
within? |  Correct

72 hours

42 hours

24 hours

8 hours
10. What are the penalties levied for non-compliance to GDPR for organizations? |  Incorrect

Higher of EUR 20,000,000 or up to 4% of the worldwide annual turnover

Higher of EUR 20,000,000 or up to 2% of the worldwide annual turnover

Higher of EUR 40,000,000 or up to 2% of the worldwide annual turnover

Higher of EUR 40,000,000 or up to 4% of the worldwide annual turnover

11. What are the penalties levied for non-compliance to CCPA/CPRA for organizations? |
 Incorrect

Any intentional violation of the CCPA/CPRA leads to a maximum civil penalty of $7500 per violation.

An unintentional violation of the CCPA/CPRA has a maximum civil penalty of $2500 per violation.

Consumers who feel that their data has been violated can file a private lawsuit against an
organization for damages between $100 to $750.

All of the above.

12. What are the penalties levied for non-compliance to LGPD for organizations? |  Correct

Fine of up to 2% of the net turnover in its last fiscal year, limited to 10.5 million USD per violation.

Fine of up to 2% of the net turnover in its last fiscal year, limited to 20 million USD per violation.

Fine of up to 4% of the net turnover in its last fiscal year, limited to 2.2 million USD per violation.

None of the above.

13. Which privacy law imposes criminal penalty or financial fines or both on an organization? |
 Incorrect

Privacy Act, 1988

Protection of Personal Information Act, 2013

 California Privacy Rights Act, 2020

General Data Protection Regulation (LGPD) Brazil, 2020

14. What are the types of personal data defined under GDPR? |  Incorrect

Personally Identifiable Information

Special Categories of personal data

Personal Data & Special Categories of Personal Data

Sensitive data

15. GDPR applies to? |  Correct

People of all geographies

Every entity that holds or uses European personal data both inside and outside Europe.

American entities holding or using Personal Data

European entities that hold or uses European personal data both inside and outside Europe.

16. Who is a data subject? |  Correct

An individual whose personal data is collected/ processed

The organization processing the personal data

The employee who deals with customer's personal data

The customer who processes personal data

17. In which scenarios, is processing done in the capacity of data controller? |  Correct

Processing of ITC Infotech employee’s data

 Processing of ITC Infotech’s vendor’s data

Processing of ITC Infotech customer’s data

None of the above

18. In which scenarios, is processing done in the capacity of data processor? |  Correct

Processing of ITC Infotech employee’s data

Processing of ITC Infotech employee's dependent's data

Processing of ITC Infotech customer’s data

19. Which data is considered as ‘sensitive personal data’ |  Correct

Name

Date of Birth

Phone number

Ethnicity

None of the above

20. Under California Consumer Privacy Act, which data is considered as ‘sensitive personal data’ |
 Correct

Social Security Number

Driver’s License

Consumer’s Email Content

All of the above

21. Which of the following is not an example of a special category of personal data? |
 Incorrect
Ethnicity

Religious beliefs

Biometric information

Date of Birth

22. Which of the following is not one of the GDPR principles? |  Correct

Personal information must be fairly, lawfully, and transparently processed

Personal information must be adequate, relevant and limited to what is necessary

Personal data must be secure

Personal data must not be more than 15 years old

23. Are customer’s business phone number, business email address and business IP address
considered to be personal data? |  Correct

Yes

No

Do not know

24. Which of the below is correct? |  Correct

POPI - Protection of Personal Information Act, South Africa

POPI – People Oriented Program Implementation

POPI – Protection of Personal identification, Johannesberg

POPI – Personnel (Of) Portuguese Information

25. Which of the below is incorrect? |  Correct

HIPAA – Health Insurance Portability and Accountability Act

Singapore PDPA – Singapore Personal Data Protection Act, Singapore

PIPEDA – Personal Information Protection and Electronic Documentation Act, Canada

CCPA – California Consumer Protection Act, Brazil

Answer Again

My Results Passed: 19 | Failed: 6

Quiz | Beginner |  Unspecified |  15m

 data privacy

60 likes 563 Comments  Like  Comment  Share

Leave a comment. Use @ to tag peers Comment

Steeve Hadly Barboza 

completed
3 hours ago  Like

Nazia Begum 
Completed
7 hours ago  Like

Mudiyala Venkatasubbareddy 
Completed
7 hours ago  Like
Show 560 more comments

(https://www.edcast.com)

Privacy Policy Terms of Service

(https://www.itcinfotech.com/privacy-policy/) (http://www.edcast.com/corp/terms-of-service/)
(https://itunes.apple.com/app/apple-store/id974833832?
pt=100220803&ct=KKWebsiteLink&mt=8) (https://play.google.com/store/apps/details?
id=com.edcast)