TCS Data Privacy English WBT 64091 TCS Answers. The course covers key concepts around data privacy and protection. I have organized the questions and 64091 TCS Answers under relevant headings for easy reference. Please let me know if you need any clarification or have additional questions in 64091 TCS Answers.
data privacy assessment tcs: Download PDF
More Question & Answers in PDF: Download Now
64091 TCS Answers
Question 1: Which of the following is NOT one of the key data privacy principles?
Answer: Consent. The key data privacy principles are Lawfulness, Fairness and Transparency, Purpose Limitation, Data Minimization, Accuracy, Storage Limitation, Integrity and Confidentiality. Consent is important but not one of the core principles.
Question 2: Which principle ensures that personal data is collected only for specified, explicit and legitimate purposes?
Answer: Purpose Limitation. The principle of Purpose Limitation ensures that personal data is collected only for specified, explicit and legitimate purposes and not processed in a manner that is incompatible with those purposes.
Data Subject Rights
Question 3: Which of the following is NOT a data subject right under GDPR?
Answer: Anonymization. The key data subject rights under GDPR are Right to Access, Right to Rectification, Right to Erasure, Right to Restrict Processing, Right to Data Portability and Right to Object. Anonymization is a data protection measure but not a data subject right.
Question 4: Which right allows a data subject to receive a copy of their personal data being processed?
Answer: Right to Access. The Right to Access allows a data subject to receive a copy of their personal data being processed along with supplementary information about its processing.
TCS Course Answers all :
TCS RIO : Remote Internship
56978 TCS Answers : Agile E1
43893 TCS Answers : Information Security Awareness
7408 TCS Answers : iSecurity quiz
21939 TCS Answers : TCS Code of Conduct
64091 TCS Answers : Mastering TCS Data Privacy
55220 TCS Answers : Navigating Success GDPR
62297 TCS Answers : TCS SBWS Mode Assessment
2735 TCS Answers : Sexual Harassment Success
Data Protection Measures
Question 5: Pseudonymization and anonymization are examples of which type of data protection measure?
Answer: Technical measures. Pseudonymization and anonymization are technical measures to protect personal data by replacing identifiable information with surrogate values. Other examples include encryption and access control.
Question 6: Which of the following is an example of an organizational measure for data protection?
Answer: Role-based access control. Organizational measures for data protection include policies, procedures and guidelines as well as role-based access control, separation of duties and training & awareness programs for employees.
Data Breach Management
Question 7: Which of the following is NOT an important step in managing a data breach?
Answer: Notification. The key steps in managing a data breach are Containment, Assessment of Risks, Notification of Breach, Recovery, and Review of Existing Policies and Procedures. While notification is important, it is not one of the critical initial steps in containment and risk assessment.
Question 8: Under GDPR, when must a data breach be reported to the supervisory authority?
Answer: Within 72 hours. Under GDPR, a personal data breach that is likely to result in a risk to the rights and freedoms of individuals must be reported to the supervisory authority without undue delay and where feasible, not later than 72 hours after having become aware of the breach.
Data Protection Impact Assessment
Question 9: DPIA stands for which of the following?
Answer: Data Protection Impact Assessment. DPIA is the acronym for Data Protection Impact Assessment, which is an assessment of the impact of the intended processing on the protection of personal data.
Question 10: When is a DPIA mandatory under GDPR?
Answer: When a type of processing is likely to result in a high risk to individuals, such as systematic and extensive profiling or large-scale processing of special categories of data. A DPIA is also mandatory for public authorities and bodies.
Question 11: Which of the following best describes valid consent according to GDPR?
Answer: Consent should be freely given, specific, informed and unambiguous. For consent to be valid it must be given by a clear affirmative action and be as easy to withdraw as to give consent.
Question 12: Under what conditions can a company process personal data based on legitimate interests rather than consent?
Answer: Legitimate interests can be grounds for processing personal data if the interests or fundamental rights of the data subject are not overriding. Companies must carry out a legitimate interests assessment (LIA) to test and document that the processing is necessary and proportionate for the legitimate interests, except where the risks to rights are too great.
Data Transfers
Question 13: Which type of data transfer requires standard contractual clauses (SCCs) or binding corporate rules (BCRs) in addition to consent?
Answer: International transfers outside the EEA. While consent is one legal basis for transfers, for international transfers outside the EEA consent alone is not sufficient and SCCs or BCRs must supplement consent to legally transfer personal data across borders.
Question 14: SCCs and BCRs stand for which of the following?
Answer:
- SCCs = Standard Contractual Clauses
- BCRs = Binding Corporate Rules
SCCs and BCRs are legal mechanisms approved by the European Commission to legally transfer personal data outside the EEA.