General Data Protection Regulation (GDPR) Quiz – GDPR is Coming!

The countdown is on!

In less than a year, on May 25th, 2018, the European Union (EU) General Data Protection Regulation (GDPR) will go into effect. How GDPR-educated is your organization? Now is the time to find out where you stand. Take the GDPR quiz below:

1.    What is the maximum data breach penalty, under the GDPR compliance directives? 
A.    20,000,000 euros or up to 4% of annual turnover, whichever is greater
B.    10,000,000 euros or up to 2% of annual turnover, whichever is greater
C.    There is no maximum fine

2.    GDPR applies to which types of individuals or organizations: 
A.    Any organization that processes personal data
B.    All data controllers and processors established in the EU and organizations that target EU citizens
C.    Data controllers operating in the EU

3.    A Data Protection Officer (DPO) must be appointed: 
A.    In all cases, regardless of the levels of data processing
B.    If an organization processes any sensitive personal data relating to EU citizens
C.    If an organization conducts large scale systematic monitoring or processes large amounts of sensitive personal data

4.    Complete the following statement: “Consent must be explicit…”
A.    For all personal data
B.    Only for children under the age of 16
C.    In the case of sensitive personal data or trans-border data flow

5.    Within what period of time must an organization notify a supervising authority about a data breach?
A.    Within 48 hours
B.    Within 12 hours
C.    Within 72 hours

6.    In May 2018, GDPR regulations will give EU residents and citizens more rights and control over their data. However, in what terms will they have more rights and control? 
A.    The right to be forgotten
B.    The right of data portability
C.    Both A and B

7.    What type of data is prohibited from processing?
A.    Biometric Data
B.    Ethnic Origin
C.    Both A and B

8.    Within which timeframe are organizations required to respond to data access requests? 
A.    40 days
B.    1 month
C.    10 working days

9.    Techniques for data protection by design include which of the following? 
A.    Cleansing
B.    Pseudonymisation
C.    Interpretation 

10.    Which of the following three endings would make the following statement true: “Data controllers or processors not established in the EU, but who process EU data…”
A.    Must only adhere to local data protection policy
B.    Are exempt from GDPR
C.    Require a designated representative in the EU


1.    A
2.    B
3.    C
4.    C
5.    C
6.    C
7.    C
8.    B
9.    B
10.  C

How did you do? 

If you missed two or more of the listed GDPR questions, then it may be time to brush up on your GDPR knowledge. With less than a year left to go, there’s still time to prepare your organization for the EU’s GDPR compliance requirements.

Three Compliance Red Flags

Facilitating and sustaining GDPR compliance will require a dynamic and collaborative process and strategy. Awareness, data volume, and security hygiene play a critical role within any compliance strategy. Here’s why:

  1. Awareness: What your employees don’t know can hurt your compliance initiatives. Consider offering regularly scheduled security training on the proper handling of data.
  2. Data Volume: What you don’t see can hinder your ability to secure data. Managing a higher volume of data becomes even more arduous to protect without a solution that enables visibility, monitoring, or reporting. It will also be a problem if you need to audit or report on your data and security measures for GDPR.
  3. Security Hygiene: If you’re not securing or managing the endpoints within your IT infrastructure, allowing the practice of shadow IT, or not properly controlling administrative access to your data, then it’s time to reevaluate your data security hygiene. In each case, your data could be compromised. Effectively securing your data and IT infrastructure within GDPR compliance equates to maintaining full control and visibility.

A secure data transfer platform that enables operational visibility and efficiency is crucial for the IT professional that wants to design a data management strategy that will help a company meet and maintain compliance requirements for the EU’s GDPR directives.  

Managed File Transfer (MFT) Software and GDPR Compliance

Globalscape’s secure data transfer platform, Enhanced File Transfer™ (EFT™) offers a powerful solution that enables organizations to manage data securely, efficiently, and with transparency—all of which are crucial functions when it comes to facilitating GDPR compliance. 

Simplify your GDPR compliance journey with EFT and its built-in controls that support regulatory compliance, governance, and visibility. Additionally, EFT offers enterprise-level security and administration that’s easy and granular enough to ensure that you have complete control over your file transfer system.

With EFT, you can:

  • Use industry-standard secure protocols to secure your file transfers
  • Monitor file movement and user activities on your network
  • Create a multi-layered security solution for data storage and retrieval, authentication, and firewall traversal with Globalscape DMZ Gateway®
  • Use malware and Data Loss Protection (DLP) tools to prevent malware from entering the network and sensitive data from leaving the network
  • Use data wiping to thoroughly delete data
  • Encrypt stored data
  • Securely access your data on any device without the cloud

With the right strategy and tools in place, you can design data management process that helps your company meet and maintain GDPR compliance. Are you ready to get started? 

Download our latest GDPR compliance eBook, “EU GDPR Compliance – Are You Prepared?” or contact us today to find out how we can help you comply with GDPR