Online Safety 101: Take The Ultimate Data Privacy Quiz

Reviewed by Godwin Iheuwa
Godwin Iheuwa, MS (Computer Science) |
Database Administrator
Review Board Member
Godwin Iheuwa, a Database Administrator at MTN Nigeria, holds an MS in Computer Science, specializing in Agile Methodologies and Database Administration from the University of Bedfordshire and a Bachelor's in Computer Science from the University of Port Harcourt. His proficiency in SQL Server Integration Services (SSIS) and SQL Server Management Studio contributes to his expertise in database management.
 , MS (Computer Science)
By Alfredhook3
A
Alfredhook3
Community Contributor
Quizzes Created: 2944 | Total Attempts: 2,859,606
| Attempts: 87,418
Quiz Lesson
SettingsSettings
Please wait...
  • 1/25 Questions

    What is the correct statement about personal information?

    • It must always be shared.
    • It can be collected without consent.
    • It should be protected and managed.
    • It is not sensitive information.
Please wait...
About This Quiz

Think you’re safe online? Test your knowledge with our Data Privacy Quiz and find out how well you understand digital rights, secure browsing, and online data safety. This engaging quiz covers essential privacy practices, cyber hygiene, and common data threats that affect individuals and organizations alike.

If you're a student, professional, or tech enthusiast, this quiz will help sharpen your awareness of key data protection concepts. It’s also a great prep tool for anyone taking a general data protection regulation test, as it dives into consent, data handling, and user rights under GDPR.

Online Safety 101: Take The Ultimate Data Privacy Quiz - Quiz

Quiz Preview

  • 2. 

    Which of the following actions is essential for ensuring data subject rights under data protection regulations?

    • Denying data access requests

    • Providing data access upon request

    • Collecting data without consent

    • Ignoring data subject requests

    Correct Answer
    A. Providing data access upon request
    Explanation
    The correct answer is B, "Providing data access upon request." Under data protection regulations, such as the General Data Protection Regulation (GDPR), individuals have the right to access their personal data held by organizations. This right empowers individuals to understand what data is collected, how it is used, and whether it is being processed lawfully. Organizations must establish clear procedures for responding to access requests promptly, typically within one month. Ensuring this right enhances transparency, builds trust with data subjects, and helps organizations comply with legal obligations, thereby reducing the risk of penalties and reputational damage.

    Rate this question:

  • 3. 

    What is personal data/PII (Personally Identifiable information)?

    • Any data that alone, or in combination with other information, can identify an individual.

    • Historical information published about a monument.

    • Any information of an employee.

    • Information or data that is stored in a vault.

    Correct Answer
    A. Any data that alone, or in combination with other information, can identify an individual.
    Explanation
    The correct answer is "Any data that alone, or in combination with other information, can identify an individual." This answer accurately defines personal data or Personally Identifiable Information (PII) as any information that can be used to identify a specific individual, either on its own or when combined with other data. It emphasizes the importance of protecting such information due to its potential to invade privacy and pose risks if it falls into the wrong hands.

    Rate this question:

  • 4. 

    While collecting any personal information, you must

    • Ensure data is public

    • Avoid collecting sensitive data

    • Inform individuals of data usage

    • Collect data without consent

    Correct Answer
    A. Inform individuals of data usage
    Explanation
    The correct answer is C, "Inform individuals of data usage." Transparency is a core principle in data privacy, emphasizing that individuals should be aware of how their data will be utilized. When organizations collect personal information, they must communicate the purpose of data collection, its intended use, and how it will be stored and protected. This approach aligns with ethical standards and regulatory requirements, such as the General Data Protection Regulation (GDPR). Failure to inform individuals can lead to mistrust, potential data breaches, and legal repercussions, highlighting the importance of clear communication in data handling practices.

    Rate this question:

  • 5. 

    How often should you backup your data?

    • Once a week.

    • Once a month.

    • In accordance with your organization’s backup policy and the criticality of the data in question.

    • Once a fortnight.

    Correct Answer
    A. In accordance with your organization’s backup policy and the criticality of the data in question.
    Explanation
    The frequency of data backups should be determined based on the organization's backup policy and the criticality of the data. Different types of data may require different backup frequencies. For example, critical data that is constantly changing may need to be backed up more frequently, while less critical data may only need to be backed up once a week or once a month. It is important to consider the potential impact of data loss and the resources available for backups when determining the backup frequency.

    Rate this question:

  • 6. 

    After using someone's personal data, what should you do?

    • Pass it on to someone else.

    • Give it back to the owner.

    • Securely delete or destroy it.

    • Throw it out.

    Correct Answer
    A. Securely delete or destroy it.
    Explanation
    When you have finished using someone's personal data, it is essential to securely delete or destroy it. This is because retaining personal data without a legitimate reason can pose a risk to the individual's privacy and security. Securely deleting or destroying the data ensures that it cannot be accessed or misused by unauthorized individuals. It is important to follow proper data protection protocols to safeguard the privacy and confidentiality of personal information.

    Rate this question:

  • 7. 

    When Phishing occurs, is it only done through email?

    • Yes

    • No

    Correct Answer
    A. No
    Explanation
    Phishing is not limited to email alone. While email is a common method used by cybercriminals to carry out phishing attacks, it can also be done through other means such as text messages, phone calls, or even social media platforms. Phishing is a fraudulent practice where individuals are tricked into revealing sensitive information like passwords or credit card details, and it can occur through various channels, not just email.

    Rate this question:

  • 8. 

    Which of the following is not considered as processing of personal information?

    • Storing personal data

    • Collecting personal data

    • Publicly displaying data

    • Analyzing data for insights

    Correct Answer
    A. Publicly displaying data
    Explanation
    Publicly displaying data is not considered a processing activity related to personal information because it involves sharing information with a broader audience rather than handling or manipulating the data itself. In contrast, processing personal information typically includes activities such as collecting, storing, and analyzing data for insights, which involve managing and utilizing the data in various ways. Publicly displaying data can lead to privacy concerns, as it makes personal information accessible to anyone, potentially violating individuals' rights to confidentiality.

    Rate this question:

  • 9. 

    By which methods should organizations protect personal information?

    • Public sharing of information

    • Using strong encryption

    • Ignoring data security policies

    • Limiting access to personal data

    Correct Answer
    A. Using strong encryption
    Explanation
    The correct answer is B, "Using strong encryption." Encrypting personal data is a fundamental security measure that protects sensitive information from unauthorized access. Strong encryption transforms readable data into a coded format, making it incomprehensible without the proper decryption key. This method ensures confidentiality and integrity, thereby significantly reducing the risk of data breaches and identity theft. Organizations implementing robust encryption protocols comply with data protection regulations and demonstrate a commitment to safeguarding personal information. Moreover, regular assessments and updates of encryption methods are necessary to counter evolving cyber threats, ensuring ongoing protection of sensitive data.

    Rate this question:

  • 10. 

    Who are the targets of modern-day hackers?

    • Banks and finance companies who process a lot of payments.

    • Any organization or individual is liable to be the victim of hackers.

    • Companies which hold a lot of proprietary information.

    • Companies which hold credit card numbers of customers.

    Correct Answer
    A. Any organization or individual is liable to be the victim of hackers.
    Explanation
    Modern-day hackers can target any organization or individual, regardless of their industry or the type of information they hold. Hackers are motivated by various factors such as financial gain, political agendas, or personal vendettas, making anyone a potential target. Therefore, it is important for all organizations and individuals to take necessary precautions to protect their systems and data from potential cyberattacks.

    Rate this question:

  • 11. 

    Where should you store the encryption passphrase for your laptop?

    • Memorize it

    • Use a reputable password manager that supports offline storage

    • Store it in a secure, off-site location, such as a safety deposit box

    • Use a physical security key (like a YubiKey) to store and apply the passphrase

    Correct Answer
    A. Use a reputable password manager that supports offline storage
    Explanation
    The correct answer is to use a reputable password manager that supports offline storage. This method ensures the encryption passphrase is securely stored in an encrypted format, reducing the risk of unauthorized access while allowing easy retrieval when needed. Memorizing it could be risky if forgotten, and storing it in a secure, off-site location (like a safety deposit box) is inconvenient for frequent access. Using a physical security key (like a YubiKey) is another secure option, but it is primarily for storing encryption keys, not passphrases directly. Hence, a password manager is the most practical and secure solution.

    Rate this question:

  • 12. 

    What must you do during the collection of a customer’s personal information?

    • Not collect personal information indiscriminately.

    • Not deceive or mislead individuals about the purposes for collecting personal.

    • Limit the amount and type of information you collect to what is needed for the identified purposes.

    • All of the above

    Correct Answer
    A. All of the above
    Explanation
    When collecting a customer's personal information, it is important to follow certain guidelines. First, not collecting personal information indiscriminately means that you should only collect the necessary information that is relevant to the identified purposes. Second, it is crucial not to deceive or mislead individuals about the reasons for collecting their personal information. Lastly, limiting the amount and type of information collected to what is needed for the identified purposes ensures that only necessary information is obtained. Therefore, the correct answer is "All of the above."

    Rate this question:

  • 13. 

    What is the main purpose of General Data Protection Regulation (GDPR)?

    • To protect people's personal information.

    • To help police, doctors, the army, etc., to get information.

    • To help everyone find information.

    • All of the above.

    Correct Answer
    A. To protect people's personal information.
    Explanation
    The main purpose of the given entity is to protect people's personal information. This implies that the entity is specifically designed or intended to safeguard the privacy and confidentiality of individuals' personal data. It does not primarily serve the purpose of assisting police, doctors, the army, etc., in obtaining information, nor does it aim to help everyone find information.

    Rate this question:

  • 14. 

    What is the maximum data breach penalty under the GDPR compliance directives?

    • 20,000,000 euros or up to 4% of annual turnover, whichever is greater.

    • 10,000,000 euros or up to 1% of annual turnover, whichever is greater.

    • 5,000,000 euros, job suspension, and imprisonment for up to 5 years.

    • There is no maximum fine.

    Correct Answer
    A. 20,000,000 euros or up to 4% of annual turnover, whichever is greater.
    Explanation
    The correct answer is 20,000,000 euros or up to 4% of annual turnover, whichever is greater. This penalty is specified under the GDPR compliance directives and is applicable for data breaches. The GDPR aims to protect individuals' personal data and imposes strict penalties for non-compliance. The maximum fine serves as a deterrent for organizations to ensure they handle and protect personal data responsibly.

    Rate this question:

  • 15. 

    What is the person (or office) who has the powers to enforce the Data Protection Act called?

    • Information Commissioner

    • Data Controller

    • Data Subject

    • Data User

    Correct Answer
    A. Information Commissioner
    Explanation
    The Information Commissioner is an independent official appointed to oversee and enforce the Data Protection Act. They have the power to investigate complaints, issue guidance, and take enforcement action against organizations that fail to comply with the law. The Information Commissioner plays a crucial role in safeguarding personal data and ensuring that organizations uphold the principles of data protection.

    Rate this question:

  • 16. 

    Which items would be classified as sensitive personal data?

    • Address

    • CCTV Video

    • Name

    • Religion

    Correct Answer
    A. Religion
    Explanation
    Religion would be classified as sensitive personal data because it is considered to be a deeply personal and private aspect of an individual's identity. Revealing someone's religious beliefs without their consent can potentially lead to discrimination, prejudice, or harm. Therefore, it is important to handle this information with utmost care and ensure its confidentiality and protection.

    Rate this question:

  • 17. 

    How many principles of the Data Protection Act are there? (According to GDPR)

    • 5

    • 6

    • 7

    • 8

    Correct Answer
    A. 7
    Explanation
    The General Data Protection Regulation (GDPR) establishes seven core principles for responsible data handling: lawfulness, fairness, and transparency in processing; purpose limitation to specified, legitimate uses; minimizing data collection to only what's necessary; maintaining accuracy and keeping data up-to-date; limiting storage duration; ensuring integrity and confidentiality through security measures; and accountability of the data controller to demonstrate compliance with these principles.

    Rate this question:

  • 18. 

    What is the best way to validate a legitimate email vs. a phishing email?

    • Bad spelling, poor syntax, and grammar are some of the tell-tale signs of a fake email.

    • Look at the email headers to see where it really came from.

    • Look for poorly replicated logos.

    • Contact the sender on some other medium besides email to verify whether they sent you the email.

    Correct Answer
    A. Contact the sender on some other medium besides email to verify whether they sent you the email.
    Explanation
    The best way to validate a legitimate email vs. a phishing email is to contact the sender on some other medium besides email to verify whether they sent you the email. This is because phishing emails often impersonate legitimate senders, so reaching out to them through a different channel can help confirm their identity. Checking for bad spelling, poor syntax, grammar, looking at email headers, and poorly replicated logos can also provide some clues, but contacting the sender through another medium is the most reliable method.

    Rate this question:

  • 19. 

    What is the timeframe within which an organization must report a data breach to a supervising authority under GDPR?

    • Within 48 hours

    • Within 12 hours

    • Within 24 hours

    • Within 72 hours

    Correct Answer
    A. Within 72 hours
    Explanation
    Under the General Data Protection Regulation (GDPR), an organization must report a data breach to the relevant supervisory authority no later than 72 hours after becoming aware of it. This is known as the 72-hour rule. However, if the notification cannot be made within 72 hours, it should be accompanied by reasons for the delay. 

    Rate this question:

  • 20. 

    How should organizations protect personal information?

    • Physical measures, for example, shredding documents and locking desk drawers.

    • Organizational measures, for example, security clearances and limiting access on a “need-to-know” basis.

    • Technological measures, for example, the use of passwords and encryption.

    • All of the above

    Correct Answer
    A. All of the above
    Explanation
    Organizations should protect personal information through a combination of physical measures (e.g., shredding documents, securing physical access), organizational measures (e.g., controlling access on a need-to-know basis, implementing security clearances), and technological measures (e.g., using passwords, encryption) to ensure comprehensive data security.

    Rate this question:

  • 21. 

    To whom does GDPR apply among individuals or organizations?

    • Any organization that processes personal data

    • All data controllers and processors established in the EU and organizations that target EU resident

    • Data controllers operating in the EU

    • All of the above

    Correct Answer
    A. All of the above
    Explanation
    The General Data Protection Regulation (GDPR) applies to:
    Any organization that processes personal data.
    All data controllers and processors established in the EU and organizations that target EU residents.
    Data controllers operating in the EU.
    GDPR has a broad scope and is designed to protect the privacy and personal data of individuals within the European Union, regardless of where the data processing takes place. It applies to both organizations within the EU and those outside the EU that handle the personal data of EU residents.

    Rate this question:

  • 22. 

    Who are data users?

    • Individuals who collect data

    • Individuals who analyze and interpret data

    • Individuals who create data

    • Individuals who utilize or consume data

    Correct Answer
    A. Individuals who utilize or consume data
    Explanation
    Data users are individuals who make use of data for analysis, decision-making, or other purposes. They do not necessarily create or collect the data but leverage it to derive insights or support their work.

    Rate this question:

  • 23. 

    What is not considered a wise idea regarding password security?

    • Using easily guessable passwords like "password123"

    • Writing your passwords down on a sticky note that you keep near your computer.

    • Changing your passwords on a regular basis, such as every three-to-six months.

    • Both using easily guessable passwords and writing your passwords down on a sticky note

    Correct Answer
    A. Both using easily guessable passwords and writing your passwords down on a sticky note
    Explanation
    Using easily guessable passwords and writing passwords down on a sticky note and keeping it near the computer is not a wise idea as it increases the risk of someone finding and using the passwords. Therefore, both options A and B are not wise ideas for password security.

    Rate this question:

  • 24. 

    Which items come under PII?

    • Name

    • Email

    • Source Code

    • All of the above

    Correct Answer(s)
    A. Name
    A. Email
    Explanation
    Personally Identifiable Information (PII) is any data that can be used to distinguish or trace an individual's identity. This includes direct identifiers like a person's name, email address, social security number, or biometric data. It also encompasses indirect identifiers, which when combined with other information, could identify someone, such as their date of birth, gender, race, or location data. Protecting PII is crucial to safeguarding individual privacy and preventing potential harm like identity theft or discrimination.

    Rate this question:

  • 25. 

    Which of the following situations adhere to best practices for personal data? (More than one)

    • Data minimization practices

    • Informed consent for data use

    • Storing data indefinitely

    • Regular data audits

    Correct Answer(s)
    A. Data minimization practices
    A. Informed consent for data use
    Explanation
    The correct answers are A and B, "Data minimization practices" and "Informed consent for data use." Data minimization involves collecting only the necessary personal information required for a specific purpose, reducing the risk of exposure in case of a breach. Informed consent ensures that individuals are fully aware of how their data will be used and can make knowledgeable decisions regarding their information. Both practices align with data protection regulations, which emphasize the need for organizations to respect individuals' rights and promote responsible data handling. This dual approach not only builds trust but also mitigates legal and reputational risks.

    Rate this question:

Godwin Iheuwa |MS (Computer Science) |
Database Administrator
Godwin Iheuwa, a Database Administrator at MTN Nigeria, holds an MS in Computer Science, specializing in Agile Methodologies and Database Administration from the University of Bedfordshire and a Bachelor's in Computer Science from the University of Port Harcourt. His proficiency in SQL Server Integration Services (SSIS) and SQL Server Management Studio contributes to his expertise in database management.

Quiz Review Timeline (Updated): Jun 24, 2025 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Jun 24, 2025
    Quiz Edited by
    ProProfs Editorial Team

    Expert Reviewed by
    Godwin Iheuwa
  • Dec 07, 2020
    Quiz Created by
    Alfredhook3
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.