GDPR Knowledge Test
Fast practice, instant feedback. Timer auto-submits when time’s up.
Avg score: 4% Most missed: “How can organizations ensure that data processing agreements comply with GDPR re…”

The General Data Protection Regulation is a European Union regulation on information privacy in the European Union and the European Economic Area. The GDPR is an important component of EU privacy law and human rights law, in particular Article 8 of the Charter of Fundamental Rights of the European Union.

The EU general data protection regulation (GDPR) is currently the strongest privacy and security law in the world. This regulation updated and modernised the principles of the 1995 data protection directive. It was adopted in 2016 and entered into application on 25 May 2018.

GDPR Knowledge Test
Time left 00:00
25 Questions

1. What is a Data Protection Impact Assessment (DPIA) used for?
2. How can organizations ensure that data processing agreements comply with GDPR requirements?
3. What is the maximum time limit for responding to a data subject’s request for access to their personal data under GDPR?
4. What is the maximum fine for a data controller or processor for not cooperating with a supervisory authority during an investigation?
5. Which individuals’ data does GDPR protect?
6. What does GDPR stand for?
7. What is the principle that organizations should only collect and process the minimum amount of personal data required for a specific purpose?
8. What does GDPR require organizations to obtain before processing personal data?
9. Which of the following actions is not considered a lawful basis for processing personal data under GDPR?
10. What is the maximum penalty for GDPR non-compliance?
11. What does GDPR define as “personal data”?
12. Which of the following is an example of a data subject right under GDPR?
13. What is the term for a contract that governs the relationship between a data controller and a data processor under GDPR?
14. What does GDPR require organizations to do with data processing agreements after they have ceased providing data processing services?
15. Under GDPR, what does the term “data protection by design and by default” mean?
16. What is a Data Protection Officer (DPO) responsible for?
17. What is the term for the process of completely erasing an individual’s personal data upon request?
18. Which supervisory authority is responsible for enforcing GDPR within an organization’s main establishment in the EU?
19. Under GDPR, what is the age of consent for children to provide their own consent for data processing?
20. Which of the following is a data subject right under GDPR?
21. How long do organizations need to retain personal data under GDPR?
22. How does GDPR define “consent” in the context of data processing?
23. What is the term for a representative appointed by a non-EU organization that processes personal data of EU residents on its behalf?
24. Under GDPR, who is responsible for reporting data breaches to the relevant supervisory authority?
25. Which of the following is not a lawful basis for processing personal data under GDPR?