Employee Handbook Quiz Answers
Question | Answers | Reference |
1 | Q: What does PII stand for?
A: The GDPR defines PII as “Personally Identifiable Information”, being any data that helps identify an individual. |
Page 8 |
2 | Q: What is a data subject access request (DSAR)?
A: A Data Subject Access Request (DSAR) is any request, verbal or written, from an individual exercising their rights under the GDPR. |
Page 14 |
3 | Q: Who is the regulator responsible for enforcing the GDPR in the UK?
A: In the UK, the GDPR is enforced by the Information Commissioner’s Office (the “ICO”). www.ico.org.uk |
Page 5 |
4 | Q: The EU GDPR was enacted into which UK Law?
A: In the UK, the Data Protection Act 2018 is the UK law that embodies the GDPR. |
Page 3 |
5 | Q: What is a retention policy?
A: A retention policy is your organisation’s policy that defines when the different types and categories of personal data processed will be removed, deleted or anonymised. |
Page 13 |
6 | Q: If you receive a request from a 3rd party to share personal data with them, what should you do?
A: Remembering that unlawfully divulging personal information to someone other than the appropriate recipient is a data breach in itself, it’s important to: |
Page 15 |
7 | Q: What precautions should you take if you are using your own device for work?
A: If you use your own personal device to access or store the personal data processed by your organisation then you should: |
Page 20 |
8 | Q: What should you do if there is a personal data breach?
A: If you suspect there has been a data breach then don’t hide it. Report it to your manager and your data protection officer immediately. All data breaches must be recorded as an incident in your Data Breach register. |
Page 17 |
9 | Q: What should you do if you receive a suspicious email?
A: If you receive any suspicious emails then make sure you:
If you think you’ve been hacked, it will be necessary to find out if any data has been compromised. If it has, change your passwords, record the incident in your data breach register and treat it as a data breach. |
Page 22 |
10 | Q: When should you contact your Data Protection Officer?
A: Always contact your DPO whenever you: |
Page 29 |