Take Our General Data Protection Regulation (GDPR) Quiz – Test Your Knowledge!

On May 25th, 2018, the European Union (EU) General Data Protection Regulation (GDPR) went into effect.

The GDPR was established to ensure that companies follow a set of security and privacy standards that help safeguard the fundamental rights and interests of EU citizens’ and their personal data by defining how organizations process, store, and destroy it when it’s no longer required. It also gives individuals more control of how companies can use information that is directly related to them. 

GDPR regulations affect virtually anyone doing business within the EU or providing a service to residents in the EU, including organizations based out of the US or other countries, depending on applicable trade laws.  

How GDPR-educated is your organization? Now is the time to find out where you stand. Take the GDPR quiz below:


1.    What is the maximum data breach penalty, under the GDPR compliance directives? 
A.    20,000,000 euros or up to 4% of annual turnover, whichever is greater
B.    10,000,000 euros or up to 2% of annual turnover, whichever is greater
C.    There is no maximum fine

2.    GDPR applies to which types of individuals or organizations: 
A.    Any organization that processes personal data
B.    All data controllers and processors established in the EU and organizations that target EU citizens
C.    Data controllers operating in the EU

3.    A Data Protection Officer (DPO) must be appointed: 
A.    In all cases, regardless of the levels of data processing
B.    If an organization processes any sensitive personal data relating to EU citizens
C.    If an organization conducts large scale systematic monitoring or processes large amounts of sensitive personal data

4.    Complete the following statement: “Consent must be explicit…”
A.    For all personal data
B.    Only for children under the age of 16
C.    In the case of sensitive personal data or trans-border data flow

5.    Within what period of time is an organization required to notify a supervising authority about a data breach?
A.    Within 48 hours
B.    Within 12 hours
C.    Within 72 hours

6.    As of May 2018, GDPR regulations gives EU residents and citizens more rights and control over their data. However, in what terms do they have more rights and control?
A.    The right to be forgotten
B.    The right of data portability
C.    Both A and B

7.    What type of data is generally prohibited from processing? Exceptions to this rule include situations like the following: data owner made data public or gave explicit consent, another law permits processing for purpose of public interest/health or employment/social protection. 
A.    Biometric Data
B.    Ethnic Origin
C.    Both A and B

8.    Within which timeframe are organizations required to respond to data access requests? 
A.    40 days
B.    1 month
C.    10 working days

9.    Techniques for data protection by design include which of the following? 
A.    Cleansing
B.    Pseudonymisation
C.    Interpretation 

10.   Which of the following three endings would make the following statement true: “Data controllers or processors not established in the EU, but who process EU data…”
A.    Must only adhere to local data protection policy
B.    Are exempt from GDPR
C.    Require a designated representative in the EU


GDPR Quiz Answers

1.    A
2.    B
3.    C
4.    C
5.    C
6.    C
7.    C
8.    B
9.    B
10.  C

How Did You Do? 

If you missed two or more of the listed GDPR questions, then it may be time to brush up on your GDPR knowledge as it lays down very strict rules governing what happens if access to personal data is breached and the consequences organizations will suffer. Failure to meet GDPR requirements can result in costly penalties of four percent of annual global turnover (revenue) or €20 million ($24 million in U.S. dollars) – whichever is greater. 

Three Compliance Red Flags

Facilitating and sustaining GDPR compliance will require a dynamic and collaborative process and strategy. Awareness, data volume, and security hygiene play a critical role within any compliance strategy. Here’s why:

1.  Awareness 

What your employees don’t know can hurt your compliance initiatives. Consider offering regularly scheduled security training on the proper handling of data.

2.  Data Volume 

What you don’t see can hinder your ability to secure data. Managing a higher volume of data becomes even more arduous to protect without a solution that enables visibility, monitoring, or reporting. It will also be a problem if you need to audit or report on your data and security measures for GDPR.

3.  Security Hygiene 

If you’re not securing or managing the endpoints within your IT infrastructure, allowing the practice of shadow IT, or not properly controlling administrative access to your data, then it’s time to reevaluate your data security hygiene. In each case, your data could be compromised. Effectively securing your data and IT infrastructure within GDPR compliance equates to maintaining full control and visibility.

A secure data transfer platform that enables operational visibility and efficiency is crucial for the IT professional that wants to design a data management strategy that will help a company meet and maintain compliance requirements for the EU’s GDPR directives.  

Managed File Transfer (MFT) Software and GDPR Compliance

Globalscape’s secure data transfer platform, Enhanced File Transfer™ (EFT™) offers a powerful solution that enables organizations to manage data securely, efficiently, and with transparency—all of which are crucial functions when it comes to facilitating GDPR compliance. 

Simplify your GDPR compliance journey with EFT and its built-in controls that support regulatory compliance, governance, and visibility. Additionally, EFT offers enterprise-level security and administration that’s easy and granular enough to ensure that you have complete control over your file transfer system.

You can support your GDPR compliance requirements with the following EFT capabilities:

  • Use industry-standard secure protocols to secure your file transfers
  • Monitor file movement and user activities on your network
  • Create a multi-layered security solution for data storage and retrieval, authentication, and firewall traversal with Globalscape DMZ Gateway®
  • Use malware and Data Loss Prevention (DLP) tools to prevent malware from entering the network and sensitive data from leaving the network
  • Use data wiping to thoroughly delete data
  • Encrypt stored data
  • Securely access your data on any device without the cloud

With the right strategy and tools in place, you can design data management process that helps your company meet and maintain GDPR compliance. Are you ready to get started? 

Download our latest GDPR compliance eBook, “EU GDPR Compliance – Are You Prepared?” or contact us today to find out how we can help you comply with GDPR


In this whitepaper, we examine the scope of GDPR compliance and how Globalscape's on-premises, cloud, and SaaS managed file transfer (MFT) software—specifically EFT Enterprise, EFT Express, and EFT Arcus—can help an organization achieve and maintain a GDPR-ready posture. Read more about GDPR and EFT

Whitepaper: You're Welcome: 6 Ways GDPR is Doing Businesses a Favor

In this whitepaper, we'll discuss 6 ways GDPR is doing businesses a solid by bringing to light some of the bad habits surrounding the collection and storage of consumer data. Read more about the benefits of GDPR.  

Blog: 4 Ways to Fail GDPR Compliance

In this blog, learn about the four different things to avoid and what you can do to better manage your General Data Protection compliance requirements. Read more about the 4 ways to fail GDPR