FlashcardHub

120 GDPR Basics: Key Definitions, Principles, Rights, and Lawful Bases Practice Questions (2026)

Below is a complete list of real practice questions you may be asked during the GDPR Basics: Key Definitions, Principles, Rights, and Lawful Bases. Try answering each one yourself before checking your knowledge. If you find questions you don’t know, you can study them using our interactive spaced-repetition flashcards that repeat what you forget.

How to study effectively

First try to answer each question yourself. After attempting a few, practice recalling the answers using the interactive flashcard study mode. Actively recalling the answer before revealing it helps long-term memory much more than rereading a list.

Full Question List

  1. Question 1

    What is personal data under GDPR?

  2. Question 2

    Who is a data controller?

  3. Question 3

    Who is a data processor?

  4. Question 4

    What is a data subject?

  5. Question 5

    What is processing under GDPR?

  6. Question 6

    What is special category data?

  7. Question 7

    What does pseudonymization mean?

  8. Question 8

    What does anonymization mean?

  9. Question 9

    What is a data breach?

  10. Question 10

    What is a profiling activity?

  11. Question 11

    What is explicit consent?

  12. Question 12

    What is a supervisory authority?

  13. Question 13

    What are the six GDPR principles?

  14. Question 14

    What does lawfulness, fairness, transparency mean?

  15. Question 15

    What is purpose limitation?

  17. Question 16

    What is data minimization?

  18. Question 17

    What is the accuracy principle?

  19. Question 18

    What is storage limitation?

  20. Question 19

    What is integrity and confidentiality?

  21. Question 20

    What is the accountability principle?

  22. Question 21

    Why must processing be transparent?

  23. Question 22

    How does purpose limitation affect data reuse?

  24. Question 23

    What makes processing fair?

  25. Question 24

    How long should you keep personal data?

  26. Question 25

    What is the right to be informed?

  27. Question 26

    What is the right of access?

  28. Question 27

    What is the right to rectification?

  29. Question 28

    What is the right to erasure?

  30. Question 29

    What is the right to restrict processing?

  31. Question 30

    What is the right to data portability?

  33. Question 31

    What is the right to object?

  34. Question 32

    What are rights regarding automated decision-making?

  35. Question 33

    How long do you have to respond to rights requests?

  36. Question 34

    Can you charge for subject access requests?

  37. Question 35

    When can you refuse a rights request?

  38. Question 36

    What must a privacy notice include?

  39. Question 37

    What are the six lawful bases for processing?

  40. Question 38

    What is valid consent under GDPR?

  41. Question 39

    When is consent not freely given?

  42. Question 40

    What is the contract basis?

  43. Question 41

    What is the legal obligation basis?

  44. Question 42

    What is the vital interests basis?

  45. Question 43

    What is the public task basis?

  46. Question 44

    What is the legitimate interests basis?

  47. Question 45

    What is a Legitimate Interests Assessment?

  49. Question 46

    Can you switch lawful bases?

  50. Question 47

    Must consent be documented?

  51. Question 48

    When should you use consent as a basis?

  52. Question 49

    When must you report a breach to authorities?

  53. Question 50

    When must you notify individuals of a breach?

  54. Question 51

    What should a breach notification include?

  55. Question 52

    Must you keep records of breaches?

  56. Question 53

    What counts as becoming aware of a breach?

  57. Question 54

    What are examples of high-risk breaches?

  58. Question 55

    Who is responsible for breach notifications?

  59. Question 56

    What mitigation steps should you take?

  60. Question 57

    What if you can't report within 72 hours?

  61. Question 58

    What's a controller-to-controller breach?

  62. Question 59

    Can you avoid notifying individuals?

  63. Question 60

    What's a breach response plan?

  65. Question 61

    When must you appoint a DPO?

  66. Question 62

    What are a DPO's main tasks?

  67. Question 63

    Can a DPO be an existing employee?

  68. Question 64

    What qualifications should a DPO have?

  69. Question 65

    Can multiple organizations share a DPO?

  70. Question 66

    Must you publish DPO contact details?

  71. Question 67

    Can you dismiss a DPO?

  72. Question 68

    What resources must you provide to a DPO?

  73. Question 69

    Can a DPO outsource work?

  74. Question 70

    Who reports to the DPO?

  75. Question 71

    Can a DPO be a lawyer?

  76. Question 72

    What's the difference between DPO and privacy officer?

  77. Question 73

    What is privacy by design?

  78. Question 74

    What is privacy by default?

  79. Question 75

    What is a Data Protection Impact Assessment?

  81. Question 76

    When must you conduct a DPIA?

  82. Question 77

    What should a DPIA include?

  83. Question 78

    Who should be consulted in a DPIA?

  84. Question 79

    When should you consult the supervisory authority?

  85. Question 80

    What are appropriate technical measures?

  86. Question 81

    What are appropriate organizational measures?

  87. Question 82

    Should you review DPIAs regularly?

  88. Question 83

    What's the screening list for DPIAs?

  89. Question 84

    Can you use a single DPIA for multiple projects?

  90. Question 85

    What is an international transfer?

  91. Question 86

    What is an adequacy decision?

  92. Question 87

    What are Standard Contractual Clauses?

  93. Question 88

    What are Binding Corporate Rules?

  94. Question 89

    Can you transfer data based on consent?

  95. Question 90

    What is a Transfer Impact Assessment?

  97. Question 91

    Which countries have adequacy decisions?

  98. Question 92

    What happened to Privacy Shield?

  99. Question 93

    Does storing data in the EU avoid transfer issues?

  100. Question 94

    What are supplementary measures?

  101. Question 95

    Can you transfer for contract performance?

  102. Question 96

    What about transfers for legal claims?

  103. Question 97

    What are GDPR fines?

  104. Question 98

    What determines the fine amount?

  105. Question 99

    Can individuals claim compensation?

  106. Question 100

    Can supervisory authorities issue warnings?

  107. Question 101

    Who enforces GDPR?

  108. Question 102

    What is the one-stop-shop mechanism?

  109. Question 103

    Can authorities conduct audits?

  110. Question 104

    Can processing be temporarily banned?

  111. Question 105

    How do individuals lodge complaints?

  113. Question 106

    Are there criminal penalties?

  114. Question 107

    What's liability for joint controllers?

  115. Question 108

    What's liability for processors?

  116. Question 109

    What are Records of Processing Activities?

  117. Question 110

    What must records of processing include?

  118. Question 111

    Do small businesses need GDPR compliance?

  119. Question 112

    What's a processor agreement?

  120. Question 113

    What must a processor agreement include?

  121. Question 114

    Can processors use sub-processors?

  122. Question 115

    What's the territorial scope of GDPR?

  123. Question 116

    Do I need a representative?

  124. Question 117

    What's a retention schedule?

  125. Question 118

    Should you train employees on GDPR?

  126. Question 119

    What policies should you have?

  127. Question 120

    How often should you review compliance?
