Simply Easy Learning

Return to Data Protection Page

How Much Do You Know About GDPR? Test Your Knowledge

The General Data Protection Regulation (GDPR) was introduced on 25th May 2018 to address data protection in the European Union and the European Economic Area. Its aim is to improve privacy and give greater control to customers and citizens over their personal data and how it is used.

Our GDPR quiz is designed to test your knowledge on the new rules to ensure you know how your data will be used and what protections you have in place. Press the start button to take the quiz.

Take The GDPR Quiz

1 / 9

To your knowledge, which organisations need to adhere to GDPR?


The answer is “All organisations must comply”

Any company that stores or processes personal information about EU citizens within EU states must comply with GDPR, even if they do not have a business presence within the EU. Specific criteria for companies required to comply are:

  • A presence in an EU country
  • No presence in the EU, but involved in the processing of EU residents’ data
  • More than 250 employees
  • Fewer than 250 employees, but its data-processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data - this is effectively all companies
Next Question
2 / 9

For the following statements, tick all that are true:

Submit Go back a question

The answer is “All of the above”

GDPR provides all of the above rights to individuals.

Next Question
3 / 9

From the statement below, tick all that apply:

To your knowledge, what personal data can organisations legally keep about you?

Submit Go back a question

The answer is “All of the above”

Under GDPR, organisations are able to keep all of the above data about you. Personal data is defined by GDPR as:

‘personal data’ means any information relating to an identified or identifiable person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person”.

Next Question
4 / 9

What can companies legally do with your personal data?

Submit Go back a question

The answer is “All of the above”

GDPR states that companies can legally do all of the above with your personal data.

Next Question
5 / 9

Is a company legally required to share information if there has been a data breach?

Submit Go back a question

The answer is “Yes”

Personal data breaches can include:

  • Access by an unauthorised third party
  • Deliberate or accidental action (or inaction) by those responsible for your data
  • Sending personal data to an incorrect recipient
  • Computing devices containing personal data being lost or stolen
  • Alteration of personal data without permission
  • Loss of availability of personal data

The GDPR places a duty on all organisations to report certain types of personal data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach.

If a breach poses a high risk to individuals’ rights, they must be informed without undue delay. Organisations are required to provide the following in clear and plain language:

  • The nature of the personal data breach
  • The name and contact details of the organisation’s data protection officer or another point of contact
  • A description of the likely consequences of the personal data breach
  • A description of the measures taken, or proposed to be taken, to deal with the breach, including, where appropriate, measures taken to mitigate any possible adverse effects
Next Question

Well done for answering all the questions in our quiz on GDPR! How did you do?

If you are concerned about the way an organisation has handled your personal data, or have been the victim of a data breach, our solicitors are here to help.

Our expert data protection solicitors understand how damaging having your personal data leaked can be, both financially and emotionally, which is why we are here to help you make a claim.

To speak to a solicitor about a legal issue relating to personal data and your rights, contact Gibson & Associates today by calling 1890 989 289, or by filling in our online enquiry form to request a call back.

Start Over
6 / 9

An organisation can legally access your personal data through user consent by:

Submit Go back a question

The answer is “Explaining how the data will be used, asking you to tick a box to give consent and providing access to the information”

GDPR says that individuals must have real choice and control, meaning a clear and concise explanation should be provided to explain what individuals are agreeing to. Forms of default consent, such as a pre-ticked box, no longer apply.

Next Question
7 / 9

If you decide to stop using an organisation’s services, it is expected to:

Submit Go back a question

The answer is “Tell you how you can delete the personal information it has on you”

GDPR allows individuals to demand their personal data can be erased. Organisations must respond within a month of receiving the request and should comply without charging a fee unless the request is deemed “manifestly unfounded or excessive”.

Next Question
8 / 9

You apply for a job and are turned down by the business’s artificial intelligence system. What are your options?

Submit Go back a question

The answer is “You can ask for details of the logic involved in the decision and request a human to reconsider your application”

GDPR gives individuals the right to challenge decisions made by an artificial intelligence system if consent was not provided in advance. Those affected can ask for details on which the decision was based, as well as the right to have a human check that a mistake was not made.

Next Question
9 / 9

A free app that relies on adverts to make money has gathered information about you. Under what circumstances can you forbid it to use the data?

Submit Go back a question

The answer is “If your personal data is being processed for direct marketing (i.e. a business promoting its wares directly to you and other members of the public) you will be able to prohibit this use”

Regardless of a business having a legal base to process your personal data, you have the right to object to the continued processing of your personal data if it’s for the purposes of direct marketing.

If you have willingly and explicitly consented to your personal data being used for ads in the past, then organisations are able to continue to do so.