GDPR & Protecting Information Quiz | Custard Technical Services

Do you know the GDPR laws? Is your businesses following GDPR and protecting information correctly? Answer the questions below to find out…

Cyber Security - GDPR and Protecting Information

Your Company Name*
Name*
First Last
Your email address*
What type of information would have a very low impact if it was leaked to criminals?*
- The names and addresses of customers
- The business case for a new product
- The company's internal phone book
- The content of marketing brochures
Which is the BEST way of securing sensitive information stored on removable devices?*
- Check the data on the device regularly to make sure it is complete
- Only use the device once so that it won't be overused and damaged
- Keep the removable device wrapped in protective material
- Password protect and encrypt the data on the removable device
Which statement about downloading security patches is correct?*
- It is a waste of time and money, because previous versions work fine.
- It is essential, because it protects your personal information
- It is not effective, because your data may be stolen anyway.
- It is not essential, because it is fine to wait for the next release.
Under the GDPR, what should be considered when processing personal data?*
- How long it will take to collect and process the data
- Whether the data subject cares about the processing of their personal data
- The impact on the rights and freedoms of the data subject
- How much data can be stored on the system, and whether cloud services will be required
In what situation must data controllers NOT retain data?*
- When there is no legal obligation, or the data is no longer required
- When the data is more than 10 years old
- When the data processor has changed and has been replaced by a new processor
- When money can't be made from the data anymore
When should you use software to lock your computer screen?*
- When I'm not actually typing anything
- When it is not in use
- When it is shut down and safely stored
- When I am typing confidential information
You want to transfer some data at work using a USB stick. What should you do?*
- Only use a USB stick that has been provided by the IT department
- Only use a USB stick that has no other data on it
- Only use a USB stick that I have purchased myself
- Only use a USB stick for transferring non-confidential information
If your personal information is stolen, you...*
- may forget your password.
- cannot change your password.
- cannot prove your identity.
- may be the victim of fraud.
The GDPR only applies to organizations that...*
- offer social networking platforms.
- offer products or services into the EU.
- charge fees for their products or services.
- process hardcopy personal data.
You must exercise your right to [?], if you want to move data that you provided to a new service provider.*
- access
- portability
- consent
- deletion
You have encrypted some customer data that you are going to send to another office. How should you send the password?*
- I should include the password in the email with the confidential data.
- I should send the password in a separate email to the confidential data.
- I should text the password to the email recipient.
- The email with the data should tell the other office to phone me and ask for the password
You are walking into a shop when you see a memory stick on the floor. What should you do?*
- Take it home and use it for non-sensitive information
- Format and run a virus scan on it before using it
- Take it home and use it for personal information
- Ignore it, because it would be stealing to pick it up
Which of these is a risk that might be caused by exposing your personal information on the internet?*
- Application errors
- I might not be able to log in
- My reputation could be affected
- Network failure
Under the GDPR, in which situation can a data controller process personal data?*
- When there is a legal obligation to process the data
- When the data controller is interested in processing personal data
- When the data processor wants to send out marketing emails
- When the data needs to be transferred to a third party
How must data always be processed?*
- Lawfully, fairly, and in a transparent manner
- Electronically and in a digital format
- In a data centre to ensure availability at all times
- With consent from the data seller
How should customer information be handled?*
- By encrypting it at all times
- In accordance with company rules
- With enough care not to destroy it
- Like any other piece of information
What is an impact of losing a removable device containing sensitive company information?*
- The company may be fined by a regulator for the loss of information.
- The security patches on my computer will not be kept up to date.
- The company will have to update the anti-virus software on all computers.
- Criminals will be able to install malware programmes on my computer.
Which is an example of sensitive personal information?*
- My date of birth
- My name
- My work address
- My job title
What is the GDPR?*
- A guidance for driverless cars
- The rules governing a financial transaction
- A data protection law
- A data deletion software
What is the main risk if you don't handle confidential information properly?*
- The information could be destroyed.
- The information could be incorrect.
- The information could be stolen.
- The information could be difficult to find.
How should you use a USB stick securely?*
- Only use an approved one that has been provided by your employer
- Only use one that has been purchased from an approved supplier
- Only use one that has been used several times before, as it will be safe
- Only use one with a capacity that is just large enough to store the information you want to put on it
You just bought a new mobile phone and put your data on it. What should you do with your old phone to protect your personal information?*
- I should keep it stored in a safe place until the personal information on it is out of date.
- I should check that I did not forget to transfer any of my personal information from it to the new phone
- I should sell it on a trustworthy auction site because it will only be purchased by a trustworthy person.
- I should make sure that my personal information is permanently removed using a memory wipe utility or factory reset function
An organization processing your data must ensure that your data...*
- is always saved in the cloud and encrypted.
- is always processed lawfully.
- is shared with other companies.
- is anonymized.
Under the GDPR, which is a right you have as a 'data subject'?*
- The right to be paid for my information
- The right to sell my information
- The right to have access to my information
- The right to move my information to the cloud
Agreement - Your data will be retained for the anonomised purpose of statistical analysis*
- I agree
Phone
This field is for validation purposes and should be left unchanged.