0 of 37 Questions completed
Questions:
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You must first complete the following:
0 of 37 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
If a teacher receives a Subject Access Request (SAR), what should they be trained to do?
Which of the following items is NOT required to be contained within the record of processing activities (ROPA) as set out in the UK GDPR?
Under Article 30 of UK GDPR, unless exempt, Controllers must maintain a Record of their Processing Activities (ROPA). The ROPA must contain the following information. Select all that apply:
When you leave your desk, it is good practice to do the following Select all that apply.
Which of the following is NOT an obligation of the Processor when processing the Personal Data on behalf of the Controller?
Which of the following is NOT an individual’s legal right under GDPR?
Which of the following responsibilities does the Information Commissioner’s Office (ICO) NOT have?
Which Data Protection Principle ensures that the School’s Privacy Notice accurately reflects how it uses personal data?
A member of staff collapses and is unconscious, you share their medical information with a paramedic. Is this an unlawful and unauthorized disclosure of personal data?
Which of the following are Data Subjects? Select all that apply.
Which data protection principle requires you to have appropriate measures and records in place to be able to demonstrate your compliance with GDPR.
To comply with the Data Minimisation principle, when sharing information, you should… Select all that apply.
Your Principal has suggested certain staff wear “body worn cameras” to capture unruly student behaviour. What will your advice include?
The “Right to Be Forgotten” gives an individual the right to request to have their personal data…?
Which of the following is NOT an “Individual Right”?
If the School discovers a significant data breach, how long does it have to report this to the Information Commissioner’s Office?
You are advising the Board of Directors on staff using their personal devices for work purposes. (Use Your Own Device or UYOD). Which of these statements is appropriate. Select all that apply.
What is “processing” information? Select all that apply
How long does a Controller usually have to comply with a valid Subject Access Request
Which of the following statements is true of a Processor? Select all that apply.
Which of the following is NOT a necessary component of legally valid consent under UK GDPR?
Which of the following are lawful bases under Article 6 UK GDPR, for sharing personal data? Select all that apply.
A member of staff uses her access permissions to access the HR system and discovers that a colleague junior to her receives more in remuneration and benefits. She uses this information to request a pay rise. Which of the statements is most likely to be TRUE.
Which of the following would NOT fall under the jurisdiction of GDPR?
An Appropriate Policy Document (APD) is:
What might happen if a Controller who is not exempt, fails to pay the annual Controller fee?
Finish the following sentence. A Controller….
Select the phrase that is the most appropriate
Which of the following is NOT special category personal data under UK GDPR?
If your school is required to disclose your salary details to HMRC, which legal basis would they likely to be relying on?
Under UK GDPR which of the following organisations are NOT required to appoint a Data Protection Officer?
Who is responsible for monitoring compliance with a public authority school’s Data Protection Policy?
Which of the following are permitted ways under UK GDPR, to transfer personal data outside the UK? Select all that apply.
The right of subject access under Article 15 of UK GDPR gives a data subject the right to: Select all that apply:
Which of the following ensures the secure destruction of records containing personal data? Select all that apply
A college suffers a serious cyber attack on its systems. Under what circumstances must it notify affected data subjects ?
If a Subject Access Request is complex, by how long may you extend the 1 calendar month period for compliance by ?