DCPP-01 Online Practice Questions and Answers

As per Article 33 of GDPR, in case of a personal data breach, the data controller has to inform the supervisory authority within ___________ of becoming aware of the breach.

A. 48 hours

B. 14 days

C. 72 hours

D. 24 hours

Which of the following laws does not have a mandatory personal data breach notification requirement?

A. General Data Protection Regulation, 2016

B. Information Technology (Amendment) Act, 2008

C. Japanese Act on the Protection of Personal Information

D. UK Data Protection Act, 2018

On September 30, 1970 the ever first data protection law, the ______________ Data Protection Act was passed.

A. Hesse

B. Copenhagen

C. Paris

D. Munich

In the landmark case _____________________ the Honourable Supreme Court of India reaffirmed the status of Right to Privacy as a Fundamental Right under Part III of the constitution.

A. M. P. Sharma and others vs. Satish Chandra, District Magistrate, Delhi, and others

B. Maneka Gandhi vs. Union of India

C. Justice K. S. Puttaswamy (Retd.) and Anr. vs. Union of India And Ors

D. Olga Tellis vs. Bombay Municipal Corporation

____________ is used to identify and reduce privacy risks by analyzing that is processed by the entity and the policies in place to protect the data.

A. Privacy Impact Assessment

B. Anonymization

C. Threat Hunting

D. Minimization

Data processing includes which of the following operations:

A. Collecting

B. Transmitting

C. Storing

D. Disclosing

E. All of the above

Collection of Personal data for a specified objective is the hallmark of which Privacy Principle?

A. Storage limitation

B. Accountability

C. Purpose Limitation

D. Use Limitation

Which of the following could be considered as triggers for updating privacy policy?

A. Regulatory changes

B. Privacy breach

C. Change in service provider for an established business process

D. Recruitment of more employees

XYZ bank has recently decided to start offering online banking services. For doing so, the bank has outsourced its IT operations and processes to various third parties. Acknowledging privacy concerns, bank has decided to implement a privacy program.

Assuming you have been tasked to deploy this framework for the bank, which of the following would most likely be your first step?

A. Create an inventory of business processes that deal with personal information and identify the associated data element.

B. Ensure that bank is equipped to test the relevance of each legal and compliance requirement in its environment.

C. Assign privacy roles and responsibilities for process owners.

D. Any of the above as order is irrelevant.

Which of the following is outside the scope of an organization's privacy incident management plan?

A. Detection of leakage of personal information

B. Defining data access rules for business users

C. Communication of privacy incidents

D. Remediation of incidents