Get your tailored quote!

Or book an appointment here...

OR WHY NOT GIVE US A CALL ON:

(020) 3695 6452
Daido_Metal_UK
Elevate_Logo_RGB-1
MJ_Quinn_UK
thermahome-logo
Hyatt
Finefair


Data Privacy Quiz

How strong is your privacy knowledge? In this quiz, you'll see eight different statements about data privacy. Guess whether each statement is true or false!

 

Over 2,000 customers trust us to deliver permanent peace of mind

altitude-angel-logo-UK altitude-angel-logo-UK
Finefair Finefair
phiture_logo-1024x176 phiture_logo-1024x176
Elevate_Logo_RGB-1 Elevate_Logo_RGB-1
DemoDesk_large DemoDesk_large

Test your privacy know-how

Data Privacy Quiz

Answer the questions to test yourself and learn interesting trivia as you play the quiz.

Start quiz Generic Buyers Guide_Newsletter

1/8

1. My doctor or my doctor’s assistants are not allowed to call me up by name in the waiting room.

Rectangle 403

Correct! Patients can still be called up by name in the waiting room as there is a valid reason to do so. However, it would not be allowed to call up a patient and mention their treatment, e.g., “Ms Smith, please come to room three for your fillings”. Moreover, in accordance with Art. 13 UK-GDPR, information regarding obligations in doctor’s offices must be displayed.

WRONG ANSWER

Incorrect. Patients can still be called up by name in the waiting room as there is a valid reason to do so. However, it would not be allowed to call up a patient and mention their treatment, e.g., “Ms Smith, please come to room three for your fillings”. Moreover, in accordance with Art. 13 UK-GDPR, information regarding obligations in doctor’s offices must be displayed.

2/8

2. If I have not consented to data collection, collecting my data would be unlawful.

Rectangle 403

Correct! Six different lawful legal bases for data collection and processing are listed in Article 6 of the UK-GDPR. Consent is only one of these. Therefore, data collection and processing is lawful if it fills one of the following conditions: it is necessary for the fulfilment of a contract or compliance with a legal obligation, it protects the vital interests of the data subject, the processing is necessary to carry out a task that is in the public interest, or the processing is necessary to safeguard the legitimate interests of the controller or a third party. In addition, the UK-GDPR defines flexibility clauses that are to be implemented in national law. Moreover, you always have the right to request information from an organisation or company about the legal basis on which data was collected. Simply submit a so-called data subject request. This information should also be part of privacy policies or other documents with information according to Art. 13 UK-GDPR.

WRONG ANSWER

Incorrect. Six different lawful legal bases for data collection and processing are listed in Article 6 of the UK-GDPR. Consent is only one of these. Therefore, data collection and processing is lawful if it fills one of the following conditions: it is necessary for the fulfilment of a contract or compliance with a legal obligation, it protects the vital interests of the data subject, the processing is necessary to carry out a task that is in the public interest, or the processing is necessary to safeguard the legitimate interests of the controller or a third party. In addition, the UK-GDPR defines flexibility clauses that are to be implemented in national law. Moreover, you always have the right to request information from an organisation or company about the legal basis on which data was collected. Simply submit a so-called data subject request. This information should also be part of privacy policies or other documents with information according to Art. 13 UK-GDPR.

3/8

3. My employer is not allowed to use team photos on their website – unless everyone in the photo has given their consent.

Rectangle 403

Correct! The UK-GDPR stipulates that consent is absolutely necessary in the absence of another legal basis. Therefore, the consent of the data subjects, in this case the employees on the photo, is mandatory for the publication of their data (this also includes photos). The Information Commissioner's Office (ICO) has issued guidance to supplement the provisions of the UK-GDPR regarding employee data protection. The important thing here is that consent is given voluntarily, can be withdrawn by the data subject, and is not linked to any conditions.

WRONG ANSWER

Incorrect. The UK-GDPR stipulates that consent is absolutely necessary in the absence of another legal basis. Therefore, the consent of the data subjects, in this case the employees on the photo, is mandatory for the publication of their data (this also includes photos). The Information Commissioner's Office (ICO) has issued guidance to supplement the provisions of the UK-GDPR regarding employee data protection. The important thing here is that consent is given voluntarily, can be withdrawn by the data subject, and is not linked to any conditions.

4/8

4. If I do not accept cookies on a website, I will not be able to access important features.

Rectangle 403

Correct! The cookies necessary for the operation of the website do not require consent. These are identified as “technically necessary” or “essential” cookies. In online shops, for example, these cookies ensure that you can place goods in your shopping cart. All other cookies, such as for marketing purposes, are not absolutely necessary for the use of a website and require consent for processing to be legitimate.

WRONG ANSWER

Incorrect. The cookies necessary for the operation of the website do not require consent. These are identified as “technically necessary” or “essential” cookies. In online shops, for example, these cookies ensure that you can place goods in your shopping cart. All other cookies, such as for marketing purposes, are not absolutely necessary for the use of a website and require consent for processing to be legitimate.

5/8

5. My name on the doorbell does not violate my data protection rights. I cannot ask my landlord to remove my name from the doorbell nameplate.

Rectangle 403

Correct! This is a persistent data protection myth. Having your name on the door has absolutely nothing to do with the UK-GDPR and in no way violates the principles of data protection. The former German Federal Data Protection Officer, Andrea Vosshoff, explains the reason for this: “Placing names on doorbell nameplates in itself does not represent automated processing or actual or intended storage in file systems.”

WRONG ANSWER

Incorrect. This is a persistent data protection myth. Having your name on the door has absolutely nothing to do with the UK-GDPR and in no way violates the principles of data protection. The former German Federal Data Protection Officer, Andrea Vosshoff, explains the reason for this: “Placing names on doorbell nameplates in itself does not represent automated processing or actual or intended storage in file systems.”

6/8

6. I can object to receiving advertising emails for similar or supplementary products, even as an existing customer of a company.

Rectangle 403

Correct! Although companies, whose customer base you belong to, can in some cases also rely on a so-called legitimate interest as the legal basis for advertising emails. In addition to consent, you must also be given the opportunity, in a very transparent manner, to withdraw consent to these emails. In addition, the guidance from the ICO on direct marketing must be taken into account.

WRONG ANSWER

Incorrect. Although companies, whose customer base you belong to, can in some cases also rely on a so-called legitimate interest as the legal basis for advertising emails. In addition to consent, you must also be given the opportunity, in a very transparent manner, to withdraw consent to these emails. In addition, the guidance from the ICO on direct marketing must be taken into account.

7/8

7. If I ask my dentist to erase all my personal data, they must delete all the existing data they have on me.

Rectangle 403

Correct! There is certain data that is subject to a statutory retention period. For example, doctors may need to keep patient data in the patient's file for five to ten years, and in some exceptional cases for up to thirty years. Personal data that does not have to be retained on the basis of statutory retention periods, can be deleted on request. However, in some cases, this can result in consequences, such as if the data is required for the execution of contractual relationships, then the destruction of said data cannot be carried out. Moreover, there are a few exceptions according to Art. 17 UK-GDPR, which legitimise the continued retention of personal data.

WRONG ANSWER

Incorrect. There is certain data that is subject to a statutory retention period. For example, doctors may need to keep patient data in the patient´s file for five to ten years, and in some exceptional cases for up to thirty years. Personal data that does not have to be retained on the basis of statutory retention periods, can be deleted on request. However, in some cases, this can result in consequences, such as if the data is required for the execution of contractual relationships, then the destruction of said data cannot be carried out. Moreover, there are a few exceptions according to Art. 17 UK-GDPR, which legitimise the continued retention of personal data.

8/8

8. The messenger provider, WhatsApp, shares some of its users’ data with its parent company, Facebook, and other Facebook companies.

Rectangle 403

Correct. However, it is unclear which data is shared and for what purpose. Even if a Facebook spokeswoman assured users that the WhatsApp user data of British users would not be shared with Facebook and other Facebook companies for advertising purposes, the terms of use allow these data to be transmitted.

WRONG ANSWER

Incorrect - this statement is true. However, it is unclear which data is shared and for what purpose. Even if a Facebook spokeswoman assured users that the WhatsApp user data of British users would not be shared with Facebook and other Facebook companies for advertising purposes, the terms of use allow these data to be transmitted.

The results are in...

Quiz score:

Hmm, looks like your privacy knowledge is a little rusty... but fear not, help is on it's way. Consider signing up to our privacy newsletter. You'll receive practical tips and webinar invites in one dedicated monthly update. You'll be a pro in no time!

Not bad... but are you ready to level up your privacy know-how? Consider signing up to our privacy newsletter. You'll receive practical tips and webinar invites in one dedicated monthly update.

Wow, you're a natural! Interested in learning more? Consider signing up to our privacy newsletter. You'll receive practical tips and webinar invites in one dedicated monthly update.

Low Medium High
image 3-2

Businesses often face the same GDPR issues around data privacy mistakes. These mistakes can have vastly different consequences. Download our whitepaper to find out the 6 most common UK GDPR mistakes and learn ways how to avoid them.

If you want to receive practical tips along with invitations to webinars and online Q&A sessions, consider signing up to our monthly newsletter.

 

Sign up for our newsletter!

WANT TO LEARN MORE?

Browse our data privacy articles and resources 

Talk to an expert

If you have specific questions around data protection in your company or if you’re facing concrete challenges with the implementation of privacy regulations in your company, contact us – we’d love to help you!
Book a free initial consultation here or request a non-binding offer by filling out the email form on the right.