Employee Handbook Quiz Answers


Question / Answer / Reference (handbook page)
1 Q: What does PII stand for?

A: The GDPR defines PII (“Personally Identifiable Information”) as any data that helps identify an individual.

Page 8
2 Q: What is a data subject access request (DSAR)?

A: A Data Subject Access Request (DSAR) is any request, verbal or written, from an individual exercising their rights under the GDPR.

Page 14
3 Q: Who is the regulator responsible for enforcing the GDPR in the UK?

A: In the UK, the GDPR is enforced by the Information Commissioner’s Office (the “ICO”). www.ico.org.uk

Page 5
4 Q: The EU GDPR was enacted into which UK Law?

A: In the UK, the Data Protection Act 2018 is the UK law that embodies the GDPR.

Page 3
5 Q: What is a retention policy?

A: A retention policy is your organisation’s policy that defines when the different types and categories of personal data processed will be removed, deleted or anonymised.

Page 13

6 Q: If you receive a request from a 3rd party to share personal data with them, what should you do?

A: Unlawfully divulging personal information to someone other than the appropriate recipient is a data breach in itself, so it is important to:

  • Verify the identity of the person asking for the data
  • Ensure they are entitled to receive it
  • Where appropriate, check with the owner of the data if you are unsure
Page 15

7 Q: What precautions should you take if you are using your own device for work?

A: If you use your own personal device to access or store the personal data processed by your organisation then you should:

  • Ensure it has the latest security updates installed
  • Ensure you follow your organisation’s “Bring your own device” (BYOD) policy and all guidelines on passwords
  • Don’t let others use it (including family members)
  • Keep it safe, and make sure you have activated device location and remote-wipe services in case you lose it
Page 20

8 Q: What should you do if there is a personal data breach?

A: If you suspect there has been a data breach then don’t hide it. Report it to your manager and your data protection officer immediately.

All data breaches must be recorded as an incident in your Data Breach register.

Page 17

9 Q: What should you do if you receive a suspicious email?

A: If you receive any suspicious emails then make sure you:

  • Report any suspicious emails you receive to your IT department immediately
  • Avoid opening any attachments or clicking on any links in the email

If you think you’ve been hacked it will be necessary to find out whether any data has been compromised. If it has, change your passwords, record the incident in your data breach register and treat it as a data breach.

Page 22

10 Q: When should you contact your Data Protection Officer?

A: Always contact your DPO whenever you:

  • Aren’t sure about any aspect of handling, processing or protecting personal data
  • Suspect there has been a data breach
  • Aren’t sure how to interpret or follow your organisation’s policies
Page 29