CCO Data Privacy and Information Security Compliance 2

Question 1

What is the principle of data minimization under GDPR?

Accepted Answer

Collecting only the personal data that is necessary for the specified purpose

Answer

Storing data in the smallest possible file format

Answer

Limiting data to a single database

Answer

Reducing the number of employees with data access

Question 2

What is the right to erasure ('right to be forgotten') under GDPR?

Accepted Answer

An individual's right to request deletion of their personal data under certain circumstances

Answer

The right to delete a company's data storage systems

Answer

The right to remove negative reviews online

Answer

A company's right to delete inactive accounts

Question 3

What is HIPAA and what type of data does it protect?

Accepted Answer

The Health Insurance Portability and Accountability Act, which protects protected health information (PHI) in the US

Answer

A cybersecurity law protecting financial data

Answer

An international standard for hospital records

Answer

A privacy law specific to Medicare and Medicaid

Question 4

What is the role of a Data Protection Officer (DPO)?

Accepted Answer

To oversee data protection strategy and ensure compliance with GDPR and related privacy laws

Answer

To manage the company's IT infrastructure

Answer

To process customer data requests only

Answer

To serve as the company's legal counsel for all matters

Question 5

What is 'privacy by design'?

Accepted Answer

Embedding privacy protections into the design of systems, processes, and products from the outset rather than adding them later

Answer

Designing aesthetically pleasing privacy notices

Answer

A method for encrypting databases

Answer

A customer-facing transparency tool

Question 6

What is a lawful basis for processing personal data under GDPR?

Accepted Answer

One of six legal grounds such as consent, contract performance, legal obligation, vital interests, public task, or legitimate interests

Answer

The company's desire to improve its services

Answer

The existence of a privacy policy

Answer

The company's internal data governance policy