Information
The purpose of this questionnaire is to determine how ready you are for the GDPR, which applies from 25 May 2018.
At the end you will be given your score and our recommendations.
Good luck!
Results
Your score is broken down into four categories: Data, Personnel, Policy and Training. Depending on your overall score you will see one of the following recommendations:
- OK – you’re really not trying, are you? You need help and you need it fast. Call us on 01444 245415 today!
- Well, you’ve started, but it’s going to be a big uphill battle. You really do need help. Call us today on 01444 245415.
- You’ve still got a long way to go, but at least you’ve started. For help, call us on 01444 245415.
- Mmm... you’re getting there, but there is still work to do. If you get stuck, please give us a call on 01444 245415.
- Well, you seem to have it under control – well done! If you need any help, please call us on 01444 245415.
Question 1 of 15
Have all your staff received training or instruction on the GDPR?
Correct
That’s good to see. Software alone cannot counter every threat to personal data; the people who handle it matter just as much.
Incorrect
Software alone cannot counter every threat to personal data. Many staff are unaware of their contribution to protecting personal information and of what is expected of them. The GDPR expects staff who handle personal data to understand their obligations, and awareness training for all employees is the usual way to achieve and evidence this.
Information
The GDPR requires that all personnel understand the need for good security of personal data.
Question 2 of 15
Have you appointed a Data Protection Officer (DPO)?
Correct
Incorrect
Information
Whether you must appoint a Data Protection Officer depends on what kind of organisation you are and what you process: the GDPR makes a DPO mandatory for public authorities, for organisations whose core activities involve regular and systematic monitoring of individuals on a large scale, and for those processing special categories of data (or criminal conviction data) on a large scale. Where an internal DPO is not required or not practical, an organisation may instead engage the services of an external Data Protection Officer. GDPR-info can help you here.
Question 3 of 15
Have your senior management been briefed on the GDPR?
Correct
Incorrect
Information
The GDPR is probably the single biggest compliance issue for your company today. It should be driven from the very top in order to get everyone’s input and commitment.
Question 4 of 15
Have all staff received GDPR awareness training?
Correct
Incorrect
Information
Many staff are unaware of their contribution to protecting personal information and of what is expected of them. The GDPR expects staff who handle personal data to understand their obligations, and awareness training for all employees is the usual way to achieve and evidence this.
Question 5 of 15
Have you reviewed and updated your privacy policies?
Correct
Incorrect
You will need to review all existing data protection and privacy policies to ensure they comply with the new requirements.
Information
Have you checked what is in your existing privacy policies? Do they mention the “right to be forgotten”, for example?
Question 6 of 15
Have you made preparations for implementing and performing Data Protection Impact Assessments?
Correct
Incorrect
You should assess all of your data processing activities in relation to managing data privacy and ensuring compliance. A Data Protection Impact Assessment (DPIA) is required wherever processing is likely to result in a high risk to individuals. To prepare for DPIA requirements, identify processing of special categories of data (including biometric information), surveillance activities (including CCTV), and any other data processing that may impact on the rights and freedoms of individuals.
Information
Are you aware of all of the data processing that is carried out on your data, both internally and externally? Are you aware of the impact this processing has on the data at each point? Is there written documentation which shows the data flows within each process and an understanding of what could impact on data security and quality?
Question 7 of 15
Have you assessed all points of data collection to ensure that valid consent is properly requested in each case where you rely on it?
Correct
Incorrect
Where does your data come from? Every time you collect personal data, do you tell the person why you are collecting it and how long you will keep it? Do they know they have a right to withdraw consent and to object to your use of their data?
Information
The GDPR sets more stringent requirements for consent. Where you rely on it, consent must be freely given, specific, informed and unambiguous, given by a clear affirmative action, and as easy to withdraw as to give; pre-ticked boxes and silence do not count, and explicit consent is needed for special categories of data. Consent is only one of the lawful bases for processing, but whichever basis applies, data subjects must be told at the point of collection why their data is being collected, how it will be processed and what enhanced privacy rights they have.
Question 8 of 15
Have you prepared, documented and communicated processes for managing subject data access requests?
Correct
Incorrect
Not many companies know where all their data is kept. Data may be stored in many different places, and not just inside the company or for internal use. Data is often not restricted to databases. Much of the data people work with every day is in a variety of file formats and on different platforms, often outside the network, somewhere in the cloud. Successfully responding to data subject access requests will be a challenge in cases where process requirements have not been considered and dealt with thoroughly.
Information
Under the GDPR you must normally respond to a subject access request within one month and free of charge, so the process needs to exist before the first request arrives.
Question 9 of 15
Have processes been developed to allow individuals to amend or delete their personal data?
Correct
Incorrect
New enhanced personal data rights, such as the “right to be forgotten” and the right to data portability, additionally require organisations to know what data they process and where they store it. To allow individuals to amend or delete their personal data, the capability to track data (through systems and all the different storage locations) will be required under the GDPR.
Information
Can customers easily modify their own personal data? Can they set their communication preferences easily? Are they able to easily indicate that they want to be forgotten?
Question 10 of 15
Have data retention and destruction procedures been identified for all data (including paper based) as used by your organisation?
Correct
Incorrect
Documented policies and procedures should describe handling of classified information in terms of retention, responding to data deletion requests, and maintaining records of retention and destruction activities.
Information
Do you have documentation which lists how long personal data should be held for? Is there documentation which sets out exactly how data should be safely deleted, for both paper and electronic data?
Question 11 of 15
Have you looked at your suppliers and supplier contracts in relation to the GDPR?
Correct
Incorrect
It will be necessary to monitor the privacy compliance of suppliers, agents and other third parties that process personal data on your behalf, to avoid liabilities and damages. It is also advisable to follow a formal process for selecting external suppliers that will be expected to process personal data.
Information
Under the GDPR both the data controller and the data processor can be held liable for damage caused by non-compliant processing, and processors now have direct obligations of their own. A controller may only use processors that provide sufficient guarantees, and the relationship must be governed by a written contract containing the terms the GDPR specifies. What do you know about your suppliers? Are they meeting all the GDPR requirements? Have you checked the wording of your contracts to ensure they stipulate GDPR practices?
Question 12 of 15
Have you made preparations to report breaches as part of a response plan? Can you identify breaches?
Correct
Incorrect
Information
The GDPR introduces requirements for breach responses. A personal data breach must be reported to the supervisory authority (the ICO in the UK) without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals’ rights and freedoms. You must also keep an internal record of every breach, whether or not it was reportable. Before you can report a breach you have to be able to detect one, so logging and monitoring are part of the preparation.
Question 13 of 15
Have you prepared data breach notification procedures for informing data subjects?
Correct
Incorrect
Information
Where a breach is likely to result in a high risk to the rights and freedoms of individuals, the affected data subjects must be informed without undue delay. What plans do you have in place to do this?
Question 14 of 15
Have you prepared for regular compliance audits or reviews to identify and fix issues?
Correct
Incorrect
Information
It will be necessary to maintain a protocol for communicating breaches. A breach response plan should cover communication to affected individuals, and also describe processes for co-operating with regulators, credit agencies, and law enforcement.
Question 15 of 15
Have you made preparations for ‘Privacy by Design and by Default’?
Correct
Incorrect
This requirement calls for evidence that you have considered and incorporated compliance measures into your data processing activities. This includes adopting appropriate policies for integrating privacy by design and privacy by default, as well as pseudonymisation and data minimisation.
Information
All development must now include privacy by design and privacy by default, as well as pseudonymisation and data minimisation. Have steps been taken to enforce this with both internal and external developers?