Data Protection & Privacy Compliance Test

Welcome to your Data Protection & Privacy Compliance Test

This Test will run for 20 minutes.

Name

Organisation

_________is fundamentally linked to fairness. Its processing is about being clear, open and honest with people from the start about who you are, how and why you use their personal data.

a. Opening up

b. Data display

c. Transparency

d. Audit/sharing information with regulators

Personal data must be _______, ______ and ______ to what is necessary in relation to the purposes for which they are processed.

a. adequate, relevant, limited

b. detailed, relevant, limited

c. Transparent, adequate, relevant

d. adequate, relevant, complete

The NDPR provides guidelines for time frame of personal data storage as listed below except:

i. 3 years after the last active use of a digital platform

ii. 6 years after the last transaction in a contractual agreement

iii. Upon presentation of evidence of death by a deceased’s relative

iv. Immediately upon request by the Data Subject or his/her legal guardian where no statutory provision provides otherwise

a. I, ii, iii above

b. I, ii, iv, above

c. All of the above

d. None of the above

Technical measures are sometimes thought of as the protection of personal data held in ______________________

(a) our head

(b) computers and networks

(d) office cabinet

Listed below are some elements of Data Cycle except.

a. Collection, Assessment, Usage

b. View, Access, Storage

c. Transmission, Sharing, Copying

d. None of the above

Notification of Data Breach to NITDA must include the following information except:

a. A description of the circumstances of the loss or unauthorized access or disclosure

b. An assessment of the risk of harm to individuals as a result of the loss or unauthorized access or disclosure

c. A description of any steps the organization has taken to reduce the risk of harm to individuals

d. None of the above

A specific, deliberate monitoring carried out to identify breaches with the NDPR is referred to as_____

a. Monitoring process

b. Surveillance

c. Identification Procedure

d. Detective Framework

Acting in line with the LETTER and the SPIRIT of laid down rules, regulations, guidelines, standards, laws and codes, conventions; either internal or external is referred to as ______

a. Audit

b. Control

c. Compliance

d. Policy

Upon reporting a breach to NITDA by a data subject, Director General may direct action to be taken which may include the following except:

a. Contact the Organisation for enquiry; Review of earlier filed annual report (if any);

b. Data Protection Regulation Compliance Query, Administrative Action, and Prosecution

c. A & B above

d. None of the above

While filing complaints with NITDA, such complaints must meet the following requirements except:

i. must be filed in writing, either on paper or electronically.

ii. must name the person that is the subject of the complaint and describe the acts or omissions believed to be in violation of the applicable provision(s)

iii. NITDA may prescribe additional procedures for the filing of complaints, as well as the place and manner of filing.

a. i

b. i & ii

c. All of the above

d. None of the above

Data Controllers and Administrators have a duty to report to NITDA within __ hours of their knowledge of the breach

a. 24

b. 48

c. 72

d. 96

The protection of data under the NDPR applies to

(a) the processing of personal data by automated means alone

(b) the processing of personal data by manual means alone

(d) None of the above

___________ and ____________ are specified in the NDPR as two examples of measures that may be appropriate for you to implement in the control and mitigation of data breach.

(a) Encryption, Corruption

(b) Pseudonymization, Encryption

(d) Pseudonymization, Implementation

Listed below are the NDPR governance except:

i. Lawful, Fairness and Transparency

ii. Purpose Limitation, Data Minimization

iii. Principles, Processes, Programs and Procedures

iv. Integrity and Confidentiality, Accountability

a. All of the above

b. None of the above

c. iii

d. I, ii & iv

Some of the rights of data subjects include the following except:

a. Arrest and prosecution

b. Restriction of processing

c. Data portability

d. Objection to Automated decision-making and Profiling

When was the Nigeria Data Protection Regulation (NDPR) issued?

a. 22nd December, 2019

b. 23rd January, 2020

c. 25th February, 2019

d. 25th January, 2019

Under the accountability principle of NDPR Governance, Data Controllers are “Responsible for compliance and must be able to demonstrate compliance”?

a. True

b. False

Below are Suspects/culprits involved in Data Protection except:

a. Marketers

b. Employees

c. Facilitators

d. Directors

The two types of data we have are?

(a) Manual and hard

(b) Electronic and soft

(d) Manual and visual

Which of these is not a factor to look at when considering physical security?

(a) how you control access to your premises, and how visitors are supervised

(b) how you keep IT equipment, particularly mobile devices are secure

(d) the quality of doors and locks, and the protection of your premises by such means as alarms or CCTV

Data Protection & Privacy Compliance Test

Welcome to your Data Protection & Privacy Compliance Test

Title