Module 2 — GDPR Fundamentals assessment
Knowledge check based on Module 2 of the Okimia training program — GDPR Fundamentals. Required for all employees and contractors handling personal data. 15 questions, ~8 minutes.
1. What does GDPR stand for?
A. General Data Privacy Regulation
B. General Data Protection Regulation
C. Government Data Protection Rule
D. Global Data Privacy Rights
2. GDPR applies to:
A. Only companies based in the EU
B. Any company processing personal data of EU residents, regardless of where it is based
C. Only large corporations
D. Only companies with a public website
3. Which of these qualify as personal data under GDPR? (Select all that apply)
A person's name and email
An IP address
A cookie identifier tied to a device
A company's annual revenue
4. When Okimia processes its own employees' HR data, what is its role?
A. Processor
B. Controller
C. Sub-processor
D. Joint controller with the HR provider
5. When Okimia handles a client's employee bank-account data on the client's behalf, what is its role?
A. Controller
B. Processor
C. Owner
D. Custodian
6. Which of these is NOT one of the six lawful bases for processing under GDPR?
A. Consent
B. Contract
C. Customer satisfaction
D. Legitimate interest
7. Which of GDPR's seven core principles are listed here? (Select all that apply)
Data minimization
Purpose limitation
Storage limitation
Maximum data collection
8. Which rights do data subjects have under GDPR? (Select all that apply)
Right of access
Right to erasure (right to be forgotten)
Right to data portability
Right to free service
9. Within how many hours must Okimia notify the CNIL of a confirmed personal data breach?
A. 24 hours
B. 72 hours
C. 7 days
D. 30 days
10. Within how long must Okimia respond to a Data Subject Request?
A. 7 days
B. 1 month
C. 6 months
D. 1 year
11. A client emails you: 'Please delete all my account data.' What's your first action?
A. Delete the account immediately
B. Reply asking why
C. Forward to Geoffrey (DPO) on the same day
D. Ignore it — they can do it themselves
12. Transferring personal data outside the EU/EEA without safeguards is:
A. Always allowed
B. Allowed with respondent consent only
C. Illegal under GDPR unless an appropriate safeguard applies
D. Allowed if the data is non-sensitive
13. What is a DPA (Data Processing Agreement)?
A. A list of personal data we hold
B. A contract between controller and processor defining data handling
C. A document for customer signature only
D. An internal HR document
14. The maximum administrative fine under GDPR can reach:
A. €10,000 per violation
B. €20M or 4% of annual global revenue, whichever is higher
C. €1M flat fee
D. An amount equal to revenue lost
15. Which of these are good daily GDPR reflexes? (Select all that apply)
Access only the personal data you need for your role
Use pseudonymized data for demos and tests
Forward any DSR to Geoffrey on the same day
Keep client data on your local disk for convenience