Client GDPR and Protecting Information Quiz Play Pause Unmute Mute Do you know the GDPR laws? Is your businesses following GDPR and protecting information correctly? Answer the questions below to find out… Cyber Security - GDPR and Protecting Information Your Company Name* Name* First Last Your email address* What type of information would have a very low impact if it was leaked to criminals?* The names and addresses of customers The business case for a new product The company's internal phone book The content of marketing brochures Which is the BEST way of securing sensitive information stored on removable devices?* Check the data on the device regularly to make sure it is complete Only use the device once so that it won't be overused and damaged Keep the removable device wrapped in protective material Password protect and encrypt the data on the removable device Which statement about downloading security patches is correct?* It is a waste of time and money, because previous versions work fine. It is essential, because it protects your personal information It is not effective, because your data may be stolen anyway. It is not essential, because it is fine to wait for the next release. Under the GDPR, what should be considered when processing personal data?* How long it will take to collect and process the data Whether the data subject cares about the processing of their personal data The impact on the rights and freedoms of the data subject How much data can be stored on the system, and whether cloud services will be required In what situation must data controllers NOT retain data?* When there is no legal obligation, or the data is no longer required When the data is more than 10 years old When the data processor has changed and has been replaced by a new processor When money can't be made from the data anymore When should you use software to lock your computer screen?* When I'm not actually typing anything When it is not in use When it is shut down and safely stored When I am typing confidential information You want to transfer some data at work using a USB stick. What should you do?* Only use a USB stick that has been provided by the IT department Only use a USB stick that has no other data on it Only use a USB stick that I have purchased myself Only use a USB stick for transferring non-confidential information If your personal information is stolen, you...* may forget your password. cannot change your password. cannot prove your identity. may be the victim of fraud. The GDPR only applies to organizations that...* offer social networking platforms. offer products or services into the EU. charge fees for their products or services. process hardcopy personal data. You must exercise your right to [?], if you want to move data that you provided to a new service provider.* access portability consent deletion You have encrypted some customer data that you are going to send to another office. How should you send the password?* I should include the password in the email with the confidential data. I should send the password in a separate email to the confidential data. I should text the password to the email recipient. The email with the data should tell the other office to phone me and ask for the password You are walking into a shop when you see a memory stick on the floor. What should you do?* Take it home and use it for non-sensitive information Format and run a virus scan on it before using it Take it home and use it for personal information Ignore it, because it would be stealing to pick it up Which of these is a risk that might be caused by exposing your personal information on the internet?* Application errors I might not be able to log in My reputation could be affected Network failure Under the GDPR, in which situation can a data controller process personal data?* When there is a legal obligation to process the data When the data controller is interested in processing personal data When the data processor wants to send out marketing emails When the data needs to be transferred to a third party How must data always be processed?* Lawfully, fairly, and in a transparent manner Electronically and in a digital format In a data centre to ensure availability at all times With consent from the data seller How should customer information be handled?* By encrypting it at all times In accordance with company rules With enough care not to destroy it Like any other piece of information What is an impact of losing a removable device containing sensitive company information?* The company may be fined by a regulator for the loss of information. The security patches on my computer will not be kept up to date. The company will have to update the anti-virus software on all computers. Criminals will be able to install malware programmes on my computer. Which is an example of sensitive personal information?* My date of birth My name My work address My job title What is the GDPR?* A guidance for driverless cars The rules governing a financial transaction A data protection law A data deletion software What is the main risk if you don't handle confidential information properly?* The information could be destroyed. The information could be incorrect. The information could be stolen. The information could be difficult to find. How should you use a USB stick securely?* Only use an approved one that has been provided by your employer Only use one that has been purchased from an approved supplier Only use one that has been used several times before, as it will be safe Only use one with a capacity that is just large enough to store the information you want to put on it You just bought a new mobile phone and put your data on it. What should you do with your old phone to protect your personal information?* I should keep it stored in a safe place until the personal information on it is out of date. I should check that I did not forget to transfer any of my personal information from it to the new phone I should sell it on a trustworthy auction site because it will only be purchased by a trustworthy person. I should make sure that my personal information is permanently removed using a memory wipe utility or factory reset function An organization processing your data must ensure that your data...* is always saved in the cloud and encrypted. is always processed lawfully. is shared with other companies. is anonymized. Under the GDPR, which is a right you have as a 'data subject'?* The right to be paid for my information The right to sell my information The right to have access to my information The right to move my information to the cloud Agreement - Your data will be retained for the anonomised purpose of statistical analysis* I agree PhoneThis field is for validation purposes and should be left unchanged.