Study Guide: Is this GDPR-safe? Data Handling Scenarios
Source: https://www.fatskills.com/data-privacy-laws-and-regulations/chapter/is-this-gdpr-safe-data-handling-scenarios

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.

Test your instincts. Answer: Safe or Breach?

Scenario 1: The Busy Printer
A patient at a clinic finishes their consultation. The receptionist is helping someone else, so the patient walks to the front desk and picks up the after-visit summary from the printer tray. It has their name and treatment code on it.

  • Is this GDPR-safe? NO. This is a breach of confidentiality. Documents containing personal data must not be left in an openly accessible printer tray. They must be handed directly to the data subject or secured.

Scenario 2: The Shared Computer
An office worker needs to print a list of client contacts for a meeting. She opens the file, hits print, and walks to the printer. She logs off her computer, but the screen stays on, showing a list of client email addresses and phone numbers. A cleaner walks by 10 minutes later and sees the screen.

  • Is this GDPR-safe? NO. The failure to lock the screen is a breach. While the cleaner may not be a hacker, they are an unauthorized third party. The company failed to ensure integrity and confidentiality (confidentiality is the "C" in the CIA triad).

Scenario 3: The BCC Blunder
A manager wants to send a newsletter to 50 customers. He puts all 50 email addresses in the "To:" field instead of the "BCC:" field. He hits send. Now, all 50 recipients can see each other's email addresses.

  • Is this GDPR-safe? NO. This is a classic data breach. Email addresses are personal data. Exposing them to other unauthorized individuals violates the principle of integrity and confidentiality.

Scenario 4: The Verbal Verification
A customer calls your helpline. They are angry and want details on their account. They provide their name, address, and date of birth. The agent looks up the account and reads out the last three transactions to verify they are the right person. The caller confirms.

  • Is this GDPR-safe? YES. This is generally safe, provided the agent did not read out the full payment card number or share data with anyone but the authenticated caller. Verification is key to security.

Scenario 5: The Trash Can Clearout
An employee is cleaning their desk at the end of the year. They find old spreadsheets containing employee salary data from 2018. They throw the entire stack into the regular office trash bin, which goes to a landfill.

  • Is this GDPR-safe? NO. Personal data must be disposed of securely (shredding or secure destruction). Putting it in a general waste bin is a breach, as the data could be recovered.