PLC Cheat Sheet 2026

The 30 highest-yield PLC facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

90 questions
150 min time limit
70.00% to pass
  1. Which competency is MOST essential for professionals working in contract review & negotiation in Privacy Law? Critical thinking combined with practical application of knowledge
  2. When facing an unfamiliar challenge in document preparation & filing within Privacy Law, what is the BEST approach? Research established best practices, consult colleagues, and document the approach
  3. Under the California Privacy Rights Act (CPRA), businesses must conduct cybersecurity audits and risk assessments when their processing poses what type of risk? Significant risk to consumers' privacy or security
  4. Under GDPR Article 25, 'data protection by design and by default' requires controllers to implement appropriate technical measures at what point? At the time of determining means of processing AND at the time of processing itself
  5. Which US federal law requires financial institutions to notify customers of a security breach involving their personal financial information? Gramm-Leach-Bliley Act (GLBA)
  6. GPS tracking installed on an employee-owned personal vehicle used for work is: Generally impermissible without the employee's explicit consent
  7. When facing an unfamiliar challenge in contract review & negotiation within Privacy Law, what is the BEST approach? Research established best practices, consult colleagues, and document the approach
  8. Which entity evaluates whether a non-EU country provides adequate protection? European Commission
  9. Under the Genetic Information Nondiscrimination Act (GINA), employers are prohibited from: Using genetic information in hiring, firing, or compensation decisions
  10. Under the GDPR, what is the maximum administrative fine for severe violations? €20 million or 4% of annual global turnover
  11. What is the PRIMARY benefit of documenting courtroom procedures & protocols in Privacy Law? Creating a reference for quality assurance, training, and continuous improvement
  12. Which element is ESSENTIAL for an effective regulatory frameworks & compliance program in Privacy Law? Regular audits and continuous monitoring processes
  13. What did the Schrems II ruling invalidate? Privacy Shield
  14. When learning new courtroom procedures & protocols in Privacy Law, which approach is MOST effective? Combining theoretical study with supervised practical application
  15. Which factor BEST indicates mastery of document preparation & filing in Privacy Law? The ability to adapt knowledge and skills to varying contexts while maintaining standards
  16. When an employee returns from FMLA leave, their medical certification and related health information must be: Kept in a separate confidential medical file, apart from the general personnel file
  17. When addressing difficult situations through client communication & advocacy in Privacy Law, what strategy is BEST? Acknowledging concerns, providing clear information, and offering solutions
  18. Which of the following is a legal basis for processing personal data under GDPR? Consent
  19. What enforcement action can the FTC take against companies violating privacy agreements? Issue consent decrees
  20. Which is a lawful basis for data transfer under GDPR when no adequacy decision exists? Binding Corporate Rules
  21. Which US federal law specifically governs the privacy of video rental and streaming records, and what does it prohibit? VPPA — prohibits disclosure of video viewing records without consent
  22. Which of the following is a potential penalty under the CCPA for intentional violations? $7,500 per violation
  23. Which of the following is NOT typically required in a state breach notification letter to affected individuals? The name of the employee responsible for the breach
  24. What mechanism is commonly used under GDPR for lawful data transfers outside the EU? Standard Contractual Clauses
  25. Which of the following employee records is generally NOT subject to heightened confidentiality requirements under U.S. federal privacy law? Performance review ratings shared through normal HR management processes
  26. What is the PRIMARY objective of contract review & negotiation within the Privacy Law profession? To ensure quality outcomes through standardized practices and continuous improvement
  27. In Privacy Law, what is the MOST effective approach to client communication & advocacy? Active listening combined with clear, empathetic communication
  28. A company wants to analyze user behavior patterns without exposing individual identities. Which Privacy by Design technique BEST supports this goal? Data aggregation and statistical analysis at the group level
  29. What principle requires that personal data be collected for specified, legitimate purposes? Purpose limitation
  30. Transparency in data collection ensures that: Individuals know how their data is used
Turn these facts into recall: