GDPR quiz Flashcards
Once the GDPR is in force, businesses will no longer r be able to rely on ‘ implied consent’ as a legal basis for processing personal data.
True
Businesses will need to review how they obtain record and manage consent of employee data ahead of the GDPR. It is essential that employees provide a positive ‘ opt in’ - and that this ‘ opt in ‘ is separate from any other terms and conditions.
True
Once the ~GDPR takes effect, businesses could be fined up to four per cent of their global annual turnover for serious ‘ tier 1’ data breacehs
True
All businesses will need to carry out Data Protection Impact assessments in order to be compliant with the GDPR
Myth
Any personal data acquired by a business before 25 may 2018 that is already stored in its database will not be subject to the GDPR.
myth
In order to ensure that they are fully compliant with the GDPR’s principle of accountability, businesses should identify the lawful basis for processing any personal data.
True
Once the GDPR takes effect businesses will first need to seek parental consent before collecting any data relating to persons under the age of 18, even if such data is very basic
Myth
Large businesses which engage in large - scale systematic monitoring or processing of sensitive personal data will be required to appoint a data protection officer if they have 250 employees or more, or are recognised as a public authority.
True
Businesses need not worry too much about data they hold in relation to their employees. Inserting a simple clause in employment contracts about the GDPR will suffice in terms of compliance.
Myth
Once the GDPR is introduced, individuals will receive a new ‘right to be forgotten’. This means that businesses can only process their personal data for as long as this data remains necessary for the original purpose for which it was collected.
True
