Which of the following is NOT a right granted to data subjects under GDPR?
Think about what GDPR protects regarding personal data sharing.
GDPR does not grant the right to demand unlimited data sharing with third parties. Instead, it controls and restricts data sharing to protect privacy.
You need to design a system flow for handling user requests to delete their personal data under GDPR. Which step should NOT be part of the flow?
Consider GDPR requirements for accountability and audit trails.
GDPR requires organizations to keep records of processing activities, including deletions, for accountability. Immediate deletion without logs breaks this rule.
Your global service receives thousands of GDPR data access requests daily from users in different regions. Which architectural approach best supports scalable, compliant handling of these requests?
Think about data residency laws and system scalability.
Distributing data regionally respects data residency laws, and processing requests locally reduces latency and scales better. Synchronizing audit logs ensures compliance.
When implementing encryption for personal data to comply with GDPR, which tradeoff is most important to consider?
GDPR requires protection of personal data, but also consider the impact on the system.
Encrypting all personal data protects privacy but may increase latency and cost. Balancing security and performance is key.
Your system stores personal data for 5 years to comply with GDPR retention policies. If you have 1 million users, each generating 10 KB of personal data monthly, estimate the total storage needed for personal data retention.
Calculate monthly data per user, multiply by users and months in 5 years, then convert to TB.
Per month: 1,000,000 users × 10 KB = 10,000,000 KB ≈ 10 GB
Over 60 months: 10 GB × 60 = 600 GB