Trusted and used by companies
Answer the questions to test yourself and learn interesting trivia as you play the quiz.
Start quiz
Correct! Patients can still be called up by name in the waiting room as there is a valid reason to do so. However, it would not be allowed to call up a patient and mention their treatment, e.g., “Ms Smith, please come to room three for your fillings”. Moreover, in accordance with Art. 13 UK-GDPR, information regarding obligations in doctor’s offices must be displayed.
Incorrect. Patients can still be called up by name in the waiting room as there is a valid reason to do so. However, it would not be allowed to call up a patient and mention their treatment, e.g., “Ms Smith, please come to room three for your fillings”. Moreover, in accordance with Art. 13 UK-GDPR, information regarding obligations in doctor’s offices must be displayed.
Correct! Six different lawful legal bases for data collection and processing are listed in Article 6 of the UK-GDPR. Consent is only one of these. Therefore, data collection and processing is lawful if it fills one of the following conditions: it is necessary for the fulfilment of a contract or compliance with a legal obligation, it protects the vital interests of the data subject, the processing is necessary to carry out a task that is in the public interest, or the processing is necessary to safeguard the legitimate interests of the controller or a third party. In addition, the UK-GDPR defines flexibility clauses that are to be implemented in national law. Moreover, you always have the right to request information from an organisation or company about the legal basis on which data was collected. Simply submit a so-called data subject request. This information should also be part of privacy policies or other documents with information according to Art. 13 UK-GDPR.
Incorrect. Six different lawful legal bases for data collection and processing are listed in Article 6 of the UK-GDPR. Consent is only one of these. Therefore, data collection and processing is lawful if it fills one of the following conditions: it is necessary for the fulfilment of a contract or compliance with a legal obligation, it protects the vital interests of the data subject, the processing is necessary to carry out a task that is in the public interest, or the processing is necessary to safeguard the legitimate interests of the controller or a third party. In addition, the UK-GDPR defines flexibility clauses that are to be implemented in national law. Moreover, you always have the right to request information from an organisation or company about the legal basis on which data was collected. Simply submit a so-called data subject request. This information should also be part of privacy policies or other documents with information according to Art. 13 UK-GDPR.
Correct! The UK-GDPR stipulates that consent is absolutely necessary in the absence of another legal basis. Therefore, the consent of the data subjects, in this case the employees on the photo, is mandatory for the publication of their data (this also includes photos). The Information Commissioner's Office (ICO) has issued guidance to supplement the provisions of the UK-GDPR regarding employee data protection. The important thing here is that consent is given voluntarily, can be withdrawn by the data subject, and is not linked to any conditions.
Incorrect. The UK-GDPR stipulates that consent is absolutely necessary in the absence of another legal basis. Therefore, the consent of the data subjects, in this case the employees on the photo, is mandatory for the publication of their data (this also includes photos). The Information Commissioner's Office (ICO) has issued guidance to supplement the provisions of the UK-GDPR regarding employee data protection. The important thing here is that consent is given voluntarily, can be withdrawn by the data subject, and is not linked to any conditions.
Correct! The cookies necessary for the operation of the website do not require consent. These are identified as “technically necessary” or “essential” cookies. In online shops, for example, these cookies ensure that you can place goods in your shopping cart. All other cookies, such as for marketing purposes, are not absolutely necessary for the use of a website and require consent for processing to be legitimate.
Incorrect. The cookies necessary for the operation of the website do not require consent. These are identified as “technically necessary” or “essential” cookies. In online shops, for example, these cookies ensure that you can place goods in your shopping cart. All other cookies, such as for marketing purposes, are not absolutely necessary for the use of a website and require consent for processing to be legitimate.
Correct! This is a persistent data protection myth. Having your name on the door has absolutely nothing to do with the UK-GDPR and in no way violates the principles of data protection. The former German Federal Data Protection Officer, Andrea Vosshoff, explains the reason for this: “Placing names on doorbell nameplates in itself does not represent automated processing or actual or intended storage in file systems.”
Incorrect. This is a persistent data protection myth. Having your name on the door has absolutely nothing to do with the UK-GDPR and in no way violates the principles of data protection. The former German Federal Data Protection Officer, Andrea Vosshoff, explains the reason for this: “Placing names on doorbell nameplates in itself does not represent automated processing or actual or intended storage in file systems.”
Correct! Although companies, whose customer base you belong to, can in some cases also rely on a so-called legitimate interest as the legal basis for advertising emails. In addition to consent, you must also be given the opportunity, in a very transparent manner, to withdraw consent to these emails. In addition, the guidance from the ICO on direct marketing must be taken into account.
Incorrect. Although companies, whose customer base you belong to, can in some cases also rely on a so-called legitimate interest as the legal basis for advertising emails. In addition to consent, you must also be given the opportunity, in a very transparent manner, to withdraw consent to these emails. In addition, the guidance from the ICO on direct marketing must be taken into account.
Correct! There is certain data that is subject to a statutory retention period. For example, doctors may need to keep patient data in the patient's file for five to ten years, and in some exceptional cases for up to thirty years. Personal data that does not have to be retained on the basis of statutory retention periods, can be deleted on request. However, in some cases, this can result in consequences, such as if the data is required for the execution of contractual relationships, then the destruction of said data cannot be carried out. Moreover, there are a few exceptions according to Art. 17 UK-GDPR, which legitimise the continued retention of personal data.
Incorrect. There is certain data that is subject to a statutory retention period. For example, doctors may need to keep patient data in the patient´s file for five to ten years, and in some exceptional cases for up to thirty years. Personal data that does not have to be retained on the basis of statutory retention periods, can be deleted on request. However, in some cases, this can result in consequences, such as if the data is required for the execution of contractual relationships, then the destruction of said data cannot be carried out. Moreover, there are a few exceptions according to Art. 17 UK-GDPR, which legitimise the continued retention of personal data.
Correct. However, it is unclear which data is shared and for what purpose. Even if a Facebook spokeswoman assured users that the WhatsApp user data of British users would not be shared with Facebook and other Facebook companies for advertising purposes, the terms of use allow these data to be transmitted.
Incorrect - this statement is true. However, it is unclear which data is shared and for what purpose. Even if a Facebook spokeswoman assured users that the WhatsApp user data of British users would not be shared with Facebook and other Facebook companies for advertising purposes, the terms of use allow these data to be transmitted.
Hmm, looks like your privacy knowledge is a little rusty... but fear not, help is on it's way. Consider signing up to our privacy newsletter. You'll receive practical tips and webinar invites in one dedicated monthly update. You'll be a pro in no time!
Not bad... but are you ready to level up your privacy know-how? Consider signing up to our privacy newsletter. You'll receive practical tips and webinar invites in one dedicated monthly update.
Wow, you're a natural! Interested in learning more? Consider signing up to our privacy newsletter. You'll receive practical tips and webinar invites in one dedicated monthly update.
Businesses often face the same GDPR issues around data privacy mistakes. These mistakes can have vastly different consequences. Download our whitepaper to find out the 6 most common UK GDPR mistakes and learn ways how to avoid them.
If you want to receive practical tips along with invitations to webinars and online Q&A sessions, consider signing up to our monthly newsletter.
Find out how our Privacy, InfoSec and Compliance solutions can help you boost trust, reduce risks and drive revenue.
100% success in ISO 27001 audits to date
TISAX® is a registered trademark of the ENX Association. DataGuard is not affiliated with the ENX Association. We provide consultation and support for the assessment on TISAX® only. The ENX Association does not take any responsibility for any content shown on DataGuard's website.
