The Grandmaster Challenge.

A new era of data privacy is upon us.

But fear not: in uncertain times, knowledge is power.

Now you can become a GDPR Grandmaster in minutes.

Take our quick-fire interactive test to equip yourself with everything you need to know.

Find out if you're a GDPR white belt, black belt or Grandmaster.

01. Company X has an annual revenue of €10M. What is the maximum fine they could receive for not being GDPR compliant?
The correct answer is c.
Failure to properly handle how personal data is collected, stored, and used could result in significant fines of up to €20 million, or 4% of annual revenue, whichever is greater.
02. To whom do GDPR rules and fines apply?
The correct answer is c.
GDPR applies to companies all over the world if they hold EU citizens’ data.
03. A US company has NO European users, but has a website with a European country code URL (such as .es, .it, .ro). Does this company have to comply with GDPR?
The correct answer is a.
Even if your company has no data on European users, if it has a website with a European URL, you must comply with GDPR.
04. Once consent has been given, user data of EU citizens can be kept indefinitely.
The correct answer is b.
EU citizens’ data can be kept for a long time provided that there is sufficient justification. The length of time for which it can be kept is dependent on several varying factors, but no data can be kept indefinitely.
05. GDPR only applies to digital data.
The correct answer is b.
GDPR applies to any data you have, including non-digital data. Even the way paperwork is collected and processed will have to comply with GDPR.
06. The way that you acquire, store, and manage your employees’ personal data will also be affected by GDPR.
The correct answer is a.
All EU citizen data is protected by GDPR, even that of your employees. Their data needs to be collected, used, and stored to the same standards as any non-employee’s data.
07. Under GDPR, the right to portability allows individuals to obtain their personal data from any organization that holds it, free of charge. When faced with a data portability request from a user, how long do you have to respond?
The correct answer is b.
Portability requests must be resolved within a month, although this can be extended to two months for particularly complex cases.
08. How long do companies have to report a data leak?
The correct answer is c.
Companies have 72 hours to report a data leak. If the leak is going to significantly affect individuals’ rights and freedoms, you must also inform them as soon as possible.
09. At what age can children consent (or deny consent) to companies collecting and using their data?
The correct answer is a.
GDPR recommends 16 as the age of consent for data collection, but allows for member states to set their own, with a hard lower limit of 13 before parental consent is required. So although 16 will be the most commonly adopted age limit, the correct answer by law is 13.
THE GRANDMASTER QUESTION
Do we, Ogury, have to ask permission to email through your final score, and a link to all the answers to this challenge?
The correct answer is YES.
As a responsible GDPR-compliant data provider, we absolutely do have to ask for your permission to email through your final score, as well as a link to all of the answers.
Find out if you are a GDPR Grandmaster!
Yes, opt in / No, I refuse
Congratulations on finishing the GDPR Grandmaster Challenge!
Don't keep it a secret: share your newfound GDPR mastery with the world.