Basics

Question 1

Define GDPR

Answer 1

General Data Protection Regulation

Question 2

Define personal data and provide examples

Answer 2

Personal data is any information that can directly or indirectly identify a living individual. These include:

Name
Date of birth
Address
Email address
Mobile number
Physical characteristics (inc gender)
Location data
IP Address

Question 3

Define special category data and provide examples

Answer 3

Special category data is sensitive personal data and are listed under Article 9 of the GDPR. These include:

Race or ethnic origin
Political opinions
Religious beliefs
Trade union membership
Genetic data
Biometric data
Health data
Sex life or sexual orientation

Question 4

Define data subject

Answer 4

An individual whose personal data is being processed or controlled.

Question 5

What is a data controller?

Answer 5

An entity that determines the purposes and means of processing personal data.

Question 6

What is a data processor?

Answer 6

An entity that processes personal data on behalf of a data controller.

Question 7

Define a data breach

Answer 7

This is a security incident in which personal data is accidentally or unlawfully destroyed, lost, altered, disclosed, or accessed.

Question 8

List the seven key principles set out in GDPR

Answer 8

Lawfulness, fairness and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability

Question 9

What are the six lawful bases for processing personal data?

Answer 9

Consent
Contract
Legal Obligation
Vital Interests
Public Task
Legitimate Interests