Section 1.

Chapter 1.

1. Why was there a call for new standards to allow individuals to exercise additional control over their personal
data?
a. A rise in cross border trade and the increase in automated storage of personal information.
b. So that people could govern how the internet works.
c. In order to comply with Convention 108.

2. What was the challenge with these how these new standards would be framed?
a. It would be difficult to get them signed off by the European Parliament.
b. The general public were apathetic.
c. To strike a balance between concerns at a national level for personal freedom and privacy and the
ability to support free trade at the EEC level.

3. What was the clear starting point for the framing standards of protection for individuals?
a. Convention 108.
b. Universal Declaration of Human Rights, adopted on 10 Dec 1948 by the General Assembly of the
UN.
c. The Lisbon Treaty signed in 2007.
4. What does Article 8 of the ECHR read?
a. Everyone has the right to respect for his private and family life, his home and his correspondence.
b. Thou shall not use Consent for legal requirements.
c. The EU will be formed of 28 member states.

5. What is the balance acknowledged by both the Human Rights Declaration and the ECHR?
a. The rights of individuals and the justifiable interference with these rights, which is a recurring
theme within data protection law.
b. The balance between member states being able to tweak core concepts and the need for a level
playing field.
c. The balance between the Council of the EU and the Parliament.

6. What was signed in 1980 to produce guidelines on Privacy and international data transfers?
a. Convention 108.
b. The Treaty of Rome.
c. The OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

7. What is the membership of the OECD?

a. The membership of the OECD is made up of all EU member states.
b. As of 2018 there were 36 members and membership is extended beyond European states.
c. All signatories of Convention 108.

8. Under The OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data what is the
Data Quality Principle?
a. Personal information must be relevant, complete, accurate and up to date.
b. Personal data must be collected lawfully.
c. There should be a general policy of openness with the respect to the uses of personal information.
9. What is the Convention for the Protection of Individuals with regard to the Automatic Processing of Personal
Data also known as, and when was it signed?
a. Convention 108, signed in 1981.
b. Treaty of Maastricht, signed in 1992.
c. The Lisbon Treaty, signed in 2007.
10. What is notable about Convention 108?
a. It was written by a large number of member state representatives.
b. It replaces the OECD.
c. It is the first binding international instrument to set standards for the protection of individuals’
personal date.

11. What is a key difference between Convention 108 and The OECD Guidelines on the Protection of Privacy and
Transborder Flows of Personal Data?
a. Convention 108 is a more modern approach.
b. Convention 108 is binding whereas the guidelines are not.
c. The guidelines are binding and Convention 108 is note.

12. When can signatories include an exception to the provisions of Convention 108?
a. Where local laws allow.
b. When this is a ‘necessary measure in a democratic society’ e.g. criminal investigations.
c. Where the Commission grants an adequacy decision.

13. The Data Protection Directive (95/46/EC or the Directive), adopted in 1995 is different to a Regulation in
that:
a. The Directive is optional.
b. The Directive is not optional, it is binding legislation but it is left to national authorities to decide
the methods by which it is implemented.
c. The Directive repeals any opposing national laws.

14. What about the Directive has made it difficult for businesses to take full advantage of the benefits of the
internal market?
a. Nobody really understands the Directive.
b. The Directive is very unclear and multiple further opinions have been issued that appear to
contradict the original text.
c. There have been significant differences in the ways member states have implemented and applied
the Directive.

15. What is notable about the Charter of Fundamental Rights signed in 2000?
a. The Charter was written in blue ink.
b. The Charter continues where the Treaty of Lisbon ended.
c. The Charter specifically refers to the protection of personal data.

16. The main aim of The Treaty of Lisbon, signed in 2007 was to:
a. Strengthen and improve the core structures of the EU to enable it to function more efficiently.
b. To amend previous legislation.
c. To gain agreement amongst all member states.
17. In response to a lack of harmonisation in the approach to data protection throughout the member states the
Commission made a proposal in 2012, what was that proposal?
a. That fines be increased across all member states.
b. That companies should be required to gain consent for all processing of personal data to ensure an
accountability framework.
c. A comprehensive reform of the Directive in the form of a General Data Protection Regulation
(GDPR) imposing a single set of rules across the EU.

18. How was the text of the GDPR negotiated?

 a. A ‘trilogue’, negotiated by the European Commission, the European Parliament and the Council of
Europe.
b. The European Parliament, representing the will of the people, wrote the legislation.
c. The commission, used its full powers and dictated the regulation to member states.

19. What of the following are true of the Regulation:

a. The regulations are binding in their entirety and apply directly to all member states upon entry in
to force in May 2016 without the need to be transposed in to national law.
b. The regulation was presented as guidelines and EU states, in agreement, transposed these in to
national law on 25th May 2018.
c. The regulation are binding but states can choose to not enforce them where they see fit.

20. What are some areas where member states may make further legislative provisions under the GDPR?
a. Where the national heads of states declare that the current provisions are unworkable.
b. Where there are already sector specific laws, archiving purposes in the public interest, scientific or
historical purposes, statistical purposes, processing of special category personal data and
compliance with a legal obligation.
c. In order to share data with police and intelligence services, where the relevant governmental
department signs an agreement, where new laws overwrite the GDPR, where the new laws lead to a
loss in profits for companies and where economies of member states are involved.

21. What are key changes in the Regulation?

a. The Regulation is translated in to all languages of the EU, the Regulation was agreed by Tilogue, the
commission is able to over-ride national decision and data protection is required from the outset.
b. There is always a requirement for consent, consent requirements are now stricter, all breaches must
be reported to the DPA and fines are enforceable.
c. Stronger rights for individuals, a requirements for data protection by design and default, the
introduction of the concept of accountability, increased powers for supervisory authorities, the
concept of the ‘one-stop shop’ and broader applicability.

22. What are the aims of The Law Enforcement Data Protection Directive or LEDP, entered in to force on 5th May
2016?
a. To harmonise the rules in place across the member states to protect citizens’ fundamental rights
whenever personal data are used by criminal law enforcement authorities.
b. To allow law enforcement in member states to carry out their respective roles without having to
worry about data protection.
c. To increase the bar for the processing of personal data by law enforcement.

23. The ePrivacy Directive sets out rules relating to what?

a. To processing personal data across ‘public communications networks’.
b. Electronic marketing.
c. Requirements for consent.

Further recommendations:

 Attempt to list all the key pieces of Data Protection Law in Europe and then look at pages 19-22 and see how
well you did.
*If you have any questions or concerns about this course please contact Enquiries@MapSterling.com