1. What does GDPR stand for?
A. General Data Protection Regulation
B. General Data Privacy Regulation
C. Global Data Protection Regulation
D. Government Data Protection Regulation
Answer: A
(GDPR stands for General Data Protection Regulation, a regulation in EU law on data protection and privacy.)
2. Which of the following rights is granted by the GDPR to individuals regarding their personal data?
A. The right to access, correct, and delete their data
B. The right to use their data for free
C. The right to sell their data to third parties
D. The right to store their data indefinitely
Answer: A
(GDPR gives individuals the right to access, correct, and request deletion of their personal data.)
3. What is the primary purpose of the HIPAA (Health Insurance Portability and Accountability Act) in the context of data security?
A. To regulate how personal data is transferred between countries
B. To ensure that healthcare organizations protect patient privacy and secure health-related data
C. To provide guidelines for data encryption in financial institutions
D. To monitor the ethical use of data in advertising
Answer: B
(HIPAA ensures that healthcare organizations protect the privacy of individuals’ health data and enforce strict security measures for this data.)
4. Under GDPR, what is required from organizations before processing personal data?
A. Anonymizing the data
B. Obtaining explicit consent from the data subject
C. Encrypting the data
D. Storing the data in a centralized database
Answer: B
(GDPR requires organizations to obtain explicit consent from individuals before processing their personal data.)
5. What does GDPR’s concept of “data portability” allow individuals to do?
A. Delete their data from any system
B. Transfer their personal data from one service provider to another in a structured, commonly used format
C. Share their data with any third-party organization
D. Have their data automatically encrypted
Answer: B
(Data portability under GDPR allows individuals to transfer their personal data between service providers in a structured, commonly used format.)
6. Which of the following is an example of a breach of the GDPR?
A. An organization anonymizes personal data for research purposes
B. A company collects personal data without the consent of the individual
C. A company encrypts personal data before storing it
D. An individual accesses their own personal data from a service provider
Answer: B
(A breach of GDPR occurs if an organization collects personal data without obtaining consent from the individual.)
7. What is HIPAA’s main requirement for healthcare providers regarding data?
A. They must store all patient data in physical records
B. They must use encrypted communication for patient information
C. They must ensure that personal health information is kept confidential and secure
D. They must allow patients to freely share their health data with third parties
Answer: C
(HIPAA requires healthcare providers to maintain the confidentiality and security of personal health information.)
8. Which of the following is NOT a responsibility of an organization under the GDPR?
A. To notify individuals if their data has been breached
B. To keep data in its raw form for as long as possible
C. To ensure that personal data is processed in a lawful, transparent manner
D. To allow individuals to request access to their personal data
Answer: B
(GDPR requires organizations to minimize the retention of personal data and ensure it is stored for no longer than necessary, not to keep it in its raw form indefinitely.)
9. Which of the following is an example of data subject rights under GDPR?
A. The right to request data deletion
B. The right to access all data within the organization’s systems
C. The right to share data with third-party advertisers
D. The right to have unlimited access to data processing servers
Answer: A
(Under GDPR, data subjects have the right to request that their personal data be deleted, also known as the “right to be forgotten.”)
10. What does the “right to be forgotten” under GDPR mean?
A. Individuals can request that all their personal data be erased from all systems
B. Individuals can request that their personal data be shared with any third-party service provider
C. Individuals can request that their personal data be stored indefinitely for future use
D. Individuals can request that their personal data be sent to government authorities
Answer: A
(The “right to be forgotten” allows individuals to request that their personal data be erased from systems when it is no longer necessary or when consent is withdrawn.)