NDPR Advanced Test

Welcome to your e-assessment.

Number of Questions: 25

Time Allowed: 15 minutes.

You are allowed only one (1) attempt.

By clicking Start, you have consented to your personal information being processed in line with DataPro’s Privacy Policy.

Name

Organisation

The two types of data we have are?

Manual and hard

Electronic and soft

Manual and electronic

Manual and visual

Technical measures are sometimes thought of as the protection of personal data held in ______________________

our head

computers and networks

phones and flash drives

office cabinet

Who is tasked with driving company-wide compliance with NDPR 2019 at your company?

Compliance Officer

Legal

Data Protection Compliance Officer

Data Protection Officer

When considering cybersecurity, what factors should you look at?

System security

Online security

Data security

All of the above

_________is fundamentally linked to fairness. Its processing is about being clear, open and honest with people from the start about who you are, how and why you use their personal data

Opening up

Data display

Transparency

Audit/sharing information with regulators

Technical measures may sometimes be referred as?

System security

Cybersecurity

Data Security

Physical Security

Acting in line with the LETTER and the SPIRIT of laid down rules, regulations, guidelines, standards, laws and codes, conventions; either internal or external is referred to as ______

Audit

Control

Compliance

Policy

When confronting threats from spam emails, an effective measure is----------

a. To implement an email security and filtering system

c. Access to data backups (onsite/offsite)

c. None of the above

d. A and B

When can we say data misuse has occurred?

When consumers are unpleasantly surprised that data about them has been collected or that it has been used in new ways

When consumers are unpleasantly surprised about the way they were attended to

When consumers feel that the company should sell goods at a cheaper rate to them

When consumers are unpleasantly surprised that the company’s staff are rude

The protection of data under the NDPR applies to

the processing of personal data by automated means alone

the processing of personal data by manual means alone

the processing of personal data by automated means as well as to manual processing

None of the above

Listed below are the NDPR governance except:

i. Lawful, Fairness and Transparency
ii. Purpose Limitation, Data Minimization
iii. Principles, Processes, Programs and Procedures
iv. Integrity and Confidentiality, Accountability

All of the above

None of the above

i, ii & iii

I, ii & iv

Which of these is not a factor to look at when considering physical security?

how you control access to your premises, and how visitors are supervised

how you keep IT equipment, particularly mobile devices are secure

how to engage security men in searching for stolen items

the quality of doors and locks, and the protection of your premises by such means as alarms or CCTV

Personal data must be _______, ______ and ______ to what is necessary in relation to the purposes for which they are processed

adequate, relevant, limited

detailed, relevant, limited

Transparent, adequate, relevant

adequate, relevant, complete

___________ and ____________ are specified in the NDPR as two examples of measures that may be appropriate for you to implement in the control and mitigation of data breach

Encryption, Corruption

Pseudonymization, Encryption

Control, Mitigation

Pseudonymization, Implementation

What is the ultimate goal of the NDPR 2019?

Penalise non-compliant organisations

Safeguard the rights of natural persons

Provide guidelines for the manipulation of personal data

Impose mandatory obligations on institutions

The storage that comes in different forms including backing up information on removable hard drives or other external storage mediums is referred to as?

Offsite storage

Onsite storage

Input storage

None of the above

Which of the following is not a component of compliance?

Policies

Programs

Measures

Procedures

A specific, deliberate monitoring carried out to identify breaches with the NDPR is referred to as_____

Monitoring process

Surveillance

Identification Procedure

Detective Framework

Which of the following is not a control of compliance?

Circulation

Direction

Correction

Detection

Upon reporting a breach to NDPB by a data subject, Director General may direct action to be taken which may include the following except:

a. Contact the Organisation for enquiry; Review of earlier filed annual report (if any

b. Data Protection Regulation Compliance Query, Administrative Action, and Prosecution

c. A & B above

d. None of the above

Notification of Data Breach to NDPB must include the following information except:

A description of the circumstances of the loss or unauthorized access or disclosure

An assessment of the risk of harm to individuals as a result of the loss or unauthorized access or disclosure

A description of any steps the organization has taken to reduce the risk of harm to individuals

All of the above

Under the accountability principle of NDPR Governance, Data Controllers are “Responsible for compliance and must be able to demonstrate compliance”?

True

False

Some of the rights of data subjects include the following except

Arrest and prosecution

Restriction of processing

Data portability

Objection to Automated decision-making and Profiling

Some common threats when creating a threat list includes the following except

Records of physical assets

Computer & network passwords

Data backups

Cabinet check

Which of the following is not considered a data subject?

Job seekers

Customers

Vendors

Consumers

1 out of 25

Time is Up!

Time's up

Title