GDPR Flashcard for OPS

Under GDPR, which of the following is NOT considered sensitive personal data? Employment history, Health information, Criminal records, Political opinions

A medical report about a policyholder making a travel insurance claim is an example of special category data

A data breach includes an organisation accidentally deleting personal data.

You accidentally sent an email to the wrong recipient with an attachment containing personal data that was unencrypted. You quickly realise your mistake, but the email has been sent and cannot be recalled. What should you do?

You are starting a new project that will involve the processing of personal data on a large scale. What is one of the first things you would do?

A policyholder has requested that you supply a copy of their personal data held by MS Amlin. This is a Data Subject Access Request (DSAR). What is your next course of action?

A contract with a third-party vendor that processes MS Amlin personal data.

What is the main objective of conducting a Data Protection Impact Assessment (DPIA) before initiating new data processing activities?

Personal data can be kept indefinitely to ensure data availability

Under Data Protection Law, what must MS Amlin do if a data breach impacting many individuals and involving lots of special category data occurs?