–––

Test not passed

––– 

Unfortunately, you did not reach the required number of correct answers. You will therefore not be issued a certificate. Retaking the test is usually not intended. If you have any questions, please contact the responsible contact person in your company.

Question 1
What does the principle of data minimization include?
No personal data may be processed at all.
x Any processing of personal data shall be guided by the objective of collecting, storing and transmitting as little personal data as possible.
Question 2
In which of the following cases is personal data concerned?
x Information relating to an identified natural person.
Information relating to a legal entity (e.g., trade secrets).
x Information relating to an identifiable natural person.
Question 3
Which statement on the applicability of the GDPR is correct?
x The GDPR is applicable to the automated processing of personal data using IT.
x If personal data is processed orally, the GDPR is not applicable, as there is no need for protection.
Question 4
Which of the following are typical cases of the processing of personal data carried out by a processor?
Shipment of letters or parcels by a postal service provider.
x The maintenance of IT applications by a service provider if there is a possibility of access to personal data.
Cleaning services and services of craftsmen in the company.
x The shredding of files containing personal data by a service provider.
Question 5
Which statement is correct?
In order for personal data to be processed lawfully, the consent of the data subject must always be obtained.
x The lawful processing of personal data always requires a legal basis.
x The legal basis for the processing may also result from contracts or the legitimate interest of the company.
Question 6
When must personal data generally be deleted?
x If the purpose of the processing has been fulfilled and no legal retention periods prevent the deletion.
As the personal data has been lawfully collected, it generally must only be deleted if a data subject requests its deletion.
Question 7
What should be considered with regard to the information requirements (Art. 13, 14 GDPR) when sending an e-mail?
When sending e-mails, the information requirements do not have to be observed.
x The information provided on the website should be linked in the footer of an e-mail.
The necessary information must be attached to each e-mail as a PDF file.
Question 8
In which of the following cases can a data breach occur?
x In a hacking attack.
x When customer documents are sent to the wrong e-mail address only by mistake.
x When sending an e-mail with an open address list.
x In case of loss of a data carrier.
Question 9
What should I do if I suspect that a data breach has occurred?
I should delete the information immediately and hope that the incident will have no further impact.
x I should document the underlying information.
x I should immediately notify the privacy coordinator.
Question 10
Which information does the right of access of a data subject (Art. 15 GDPR) include?
x The information whether personal data concerning the data subject is being processed.
x If personal data concerning the data subject is being processed, further information, such as the purpose of the processing, categories of personal data concerned and recipients to whom the personal data have been or will be disclosed.
Question 11
By which groups of persons can the right of access be exercised?
x Suppliers
x Customers
x Employees
x Applicants
Question 12
Which measures must be taken to protect personal data?
x The system and application software as well as firewall and virus scanner must be kept up to date.
In order to be able to use the computer as quickly as possible after only a short absence from the workspace, a password protection is not necessary.
x Private hardware (e.g., USB drive) may not be used on company equipment.
Cabinets which contain only paper files do not have to be locked.
x Backup copies must be encrypted.
Question 13
What must be considered when creating a password?
The length alone determines the security of the password. Therefore, I can create a secure password by randomly selecting a very long word from a lexicon or dictionary.
x A secure password consists of many different characters, digits and special characters.
Since the password is difficult to remember, I write it down and keep the note at my desk.
Question 14
Who must be bound to confidentiality?
All employees.
x Only those employees who have access to personal data.
x The facility manager who has an official company e-mail account.