Data Protection & Privacy Compliance Test

Welcome to your Data Protection & Privacy Compliance Test.
This Test will run for 20 minutes.

The two types of data we have are?
(a) Manual and hard
(b) Electronic and soft
(c) Manual and electronic
(d) Manual and visual

Technical measures are sometimes thought of as the protection of personal data held in ______________________
(a) our head
(b) computers and networks
(c) phones and flash drives
(d) office cabinet

The protection of data under the NDPR applies to
(a) the processing of personal data by automated means alone
(b) the processing of personal data by manual means alone
(c) the processing of personal data by automated means as well as to manual processing
(d) None of the above

_________ is fundamentally linked to fairness. Its processing is about being clear, open and honest with people from the start about who you are, how and why you use their personal data.
a. Opening up
b. Data display
c. Transparency
d. Audit/sharing information with regulators

While filing complaints with NITDA, such complaints must meet the following requirements except:
i. must be filed in writing, either on paper or electronically.
ii. must name the person that is the subject of the complaint and describe the acts or omissions believed to be in violation of the applicable provision(s)
iii. NITDA may prescribe additional procedures for the filing of complaints, as well as the place and manner of filing.
a. i
b. i & ii
c. All of the above
d. None of the above

Listed below are the NDPR governance except:
i. Lawful, Fairness and Transparency
ii. Purpose Limitation, Data Minimization
iii. Principles, Processes, Programs and Procedures
iv. Integrity and Confidentiality, Accountability
a. All of the above
b. None of the above
c. iii
d. i, ii & iv

Personal data must be _______, ______ and ______ to what is necessary in relation to the purposes for which they are processed.
a. adequate, relevant, limited
b. detailed, relevant, limited
c. Transparent, adequate, relevant
d. adequate, relevant, complete

The NDPR provides guidelines for the time frame of personal data storage as listed below except:
i. 3 years after the last active use of a digital platform
ii. 6 years after the last transaction in a contractual agreement
iii. Upon presentation of evidence of death by a deceased’s relative
iv. Immediately upon request by the Data Subject or his/her legal guardian where no statutory provision provides otherwise
a. i, ii, iii above
b. i, ii, iv above
c. All of the above
d. None of the above

Under the accountability principle of NDPR Governance, Data Controllers are “Responsible for compliance and must be able to demonstrate compliance”?
a. True
b. False

Notification of Data Breach to NITDA must include the following information except:
a. A description of the circumstances of the loss or unauthorized access or disclosure
b. An assessment of the risk of harm to individuals as a result of the loss or unauthorized access or disclosure
c. A description of any steps the organization has taken to reduce the risk of harm to individuals
d. None of the above

Which of these is not a factor to look at when considering physical security?
(a) how you control access to your premises, and how visitors are supervised
(b) how you keep IT equipment, particularly mobile devices, secure
(c) how to engage security men in searching for stolen items
(d) the quality of doors and locks, and the protection of your premises by such means as alarms or CCTV

Listed below are some elements of Data Cycle except:
a. Collection, Assessment, Usage
b. View, Access, Storage
c. Transmission, Sharing, Copying
d. None of the above

Some of the rights of data subjects include the following except:
a. Arrest and prosecution
b. Restriction of processing
c. Data portability
d. Objection to Automated decision-making and Profiling

When was the Nigeria Data Protection Regulation (NDPR) issued?
a. 22nd December, 2019
b. 23rd January, 2020
c. 25th February, 2019
d. 25th January, 2019

Upon reporting a breach to NITDA by a data subject, the Director General may direct action to be taken which may include the following except:
a. Contact the Organisation for enquiry; Review of earlier filed annual report (if any);
b. Data Protection Regulation Compliance Query, Administrative Action, and Prosecution
c. A & B above
d. None of the above

Acting in line with the LETTER and the SPIRIT of laid down rules, regulations, guidelines, standards, laws and codes, conventions; either internal or external is referred to as ______
a. Audit
b. Control
c. Compliance
d. Policy

Data Controllers and Administrators have a duty to report to NITDA within __ hours of their knowledge of the breach
a. 24
b. 48
c. 72
d. 96

Below are Suspects/culprits involved in Data Protection except:
a. Marketers
b. Employees
c. Facilitators
d. Directors

A specific, deliberate monitoring carried out to identify breaches with the NDPR is referred to as _____
a. Monitoring process
b. Surveillance
c. Identification Procedure
d. Detective Framework

___________ and ____________ are specified in the NDPR as two examples of measures that may be appropriate for you to implement in the control and mitigation of data breach.
(a) Encryption, Corruption
(b) Pseudonymization, Encryption
(c) Control, Mitigation
(d) Pseudonymization, Implementation

Ronalds Esealuka, 2020-07-07T11:39:05+01:00