Assessment

GDPR & AI — Understanding Data Protection

6 questions · 8 points · Pass at 80% (6/8)

1. Which GDPR principle states that data may only be used for the specified purpose?

A Data minimization B Purpose limitation C Accuracy

2. What does GDPR Art. 22 permit?

A Prohibit AI systems B Requiring human oversight in automated decision-making C Delete data without consent

3. How long does a company have to report a data breach to the supervisory authority?

A 7 days B 72 hours C 30 days

4. For which data do stricter rules apply under GDPR?

A All data of persons over 18 B Health data, ethnic origin, political opinions C Data older than 5 years

5. Which statement about the DPIA (Data Protection Impact Assessment) is correct? 2 pts

A It is voluntary and only recommended B It is mandatory for high-risk processing (Art. 35) C It must be conducted annually by external auditors.

6. What are the information obligations towards data subjects? (Multiple possible) 2 pts

A Who processes the data B The source code of the AI model C How long the data will be stored D Whether automated decisions are made