Take the Royds Withy King GDPR Quiz
You may think that you are ready for the GDPR deadline this May, but have you really tested the depth of your understanding? Can you be sure that the people in your organisation are fully prepared? If you want to avoid any breaches in compliance after the 25th, you can always contact our specialist GDPR taskforce and discuss any concerns that you may have.
Take the quiz and then share your results with your colleagues to see if your GDPR knowledge is ready for the deadline day this May 25.
Which organisations does the GDPR affect?
Any organisation, big or small, will have to comply with the key principles, rules and rights set out in the regulations.
True or false, Brexit will not affect the enforceability of the GDPR?
True - It will come into force regardless of Brexit. The GDPR is a piece of EU legislation which is automatically incorporated into UK law. The UK will need to comply with the Regulation while it is still a part of the EU and after its exit from the EU, the Data Protection Bill will apply, which incorporates the principles of the GDPR. Also due to the extraterritorial reach of the GDPR, if the UK wants to continue to do business with the EU after Brexit, UK businesses will need to comply.
Which of the following are examples of special category data under the GDPR?
Special category data is more sensitive than personal data. This is information about an individual’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health and sex life or sexual orientation. There are special conditions and requirements for collecting and processing special category data.
Can a business charge for a Subject Access Request?
A business will not be able to charge for complying with a request unless the request is ‘manifestly unfounded or excessive’. If the request is excessive then the organisation may charge a reasonable fee or refuse the request. To do that a business will need to provide evidence of how that conclusion was made.
Are there any financial penalties for a breach of GDPR?
Financial penalties of up to €20,000,000 or 4% of global annual turnover - whichever is higher. These fines are for the most serious breaches of the GDPR. For other breaches there are financial penalties of up to €10,000,000 or 2% of global annual turnover, whichever is greater.
How long can an organisation keep the personal data of a prospective job applicant?
Do all staff need to be aware and trained on the GDPR?
All staff need to be aware and trained on the GDPR. The ICO reports that 62% of reported data breaches are due to human error by staff.
True or false, a clause in employment contracts which states that an organisation can collect and process staff data with their consent is enough?
Blanket consent clauses in employment contracts to collect and process staff data will be insufficient. Under the GDPR consent must be freely given, informed, specific and unambiguous, as well as presented in an intelligible and easily accessible format using clear and plain language, where it can also be withdrawn at any time. It is unlikely within an employment contract that consent will ever be able to be freely given.
Does using a safe cloud provider fall within processing data?
By giving the cloud provider personal data where someone can be identified from that data, the cloud provider is processing data. A Data Processing Agreement is necessary to ensure the processing meets all the requirements of the GDPR. The GDPR requires such an agreement to be in writing, and a GDPR-compliant agreement will safeguard the position of both the data controller and the data processor.
Which policy regulates how personal data is collected, processed and protected?