Data breach quiz - FINAL

web.admin

Created on June 14, 2023

Data breach quiz

Question 1 of 7

According to UK GDPR, the definition of a personal data breach is “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.”

False

True

Question 2 of 7

Where a report to the ICO is required, how much time do you have to report a data breach to the ICO?

96 hours

48 hours

72 hours

Insight

See Section II of Article 29 of the Working Party Guidelines for further information about when this time period starts. A personal data breach must be reported without undue delay, not later than 72 hours after having become aware of it. See Article 33 UK GDPR. Please note that if you take longer than 72 hours to report a data breach, you must give reasons for the delay.

Question 3 of 7

Which of the following is an example of a personal data breach?

Sending personal data to an incorrect email address

Leaving an HR file in a café

Theft of computer devices containing personal data

All of the above

Question 4 of 7

You need to notify the ICO of all data breaches.

True

False

Insight

You only need to notify the ICO if the risk to people’s rights and freedoms is likely. If the risk to people’s rights and freedoms is unlikely, you do not have to report the breach to the ICO. If you decide to not report the breach, you should keep a record of why you decided not to report this breach in case you are asked to justify your decision.

Question 5 of 7

The fine for failing to notify the ICO of all notifiable breaches is up to £8.7 million or 2% of your global turnover.

True

False

Question 6 of 7

You only need to inform the individual whose data has been breached if the breach is likely to result in a high risk to the rights and freedoms of that individual.

True

False

Insight

According to the ICO guidance, a ‘high risk’ means that the impact of the data breach is more than severe – there is a high likelihood that consequences will flow from the breach. You will need to look at both the potential and actual impact of the breach.

Question 7 of 7

In which scenario would you need to inform the individual about the data breach?

A) An employee deletes a client’s information from the system. This information is quickly recreated from a backup.

B) A medical professional accidentally publishes patient records online.

C) A member of staff at a University sends incorrect student records to another student. The document was password protected. The student informs the member of staff, deletes the email and provides proof of this.

Insight

Scenarios (a) and (c) are unlikely to result in a high risk to the rights and freedoms of the individual.

Completed

Thank you for completing the quiz.
