Quiz – 6 data subject rights you don’t want to get wrong

5th October 2017

If you hold, store or process personal information on individuals, you should be aware that they have a number of rights that you need to fully understand and actively comply with.

Take our quiz to test your knowledge on the 6th principle of Data Protection…

1. Which of the following is a ‘data subject right’?
a) To claim compensation for any data breaches that cause damage to them
b) To request a copy of the data you hold on them
c) To object to any processing that is likely to cause them ‘damage or distress’
d) To prevent processing for marketing purposes

2. What is the maximum amount of time you have to respond to a subject access request (SAR) from the date they sent it?
a) 7 working days
b) 10 working days
c) 40 calendar days
d) 1 calendar month

3. What is the maximum fine you could receive from the ICO if you are found in breach of the data subject’s rights?
a) 4% of your global turnover or 20 million euros (whichever is greater)
b) Up to 1 million euros
c) 4% of your global turnover or 20 million euros (whichever is smaller)
d) Up to 6 million euros

4. You are not forced to respond to a SAR if the individual requests the information…
a) Via email
b) Via fax
c) Via Facebook
d) Via the telephone

5. Can you charge a fee for providing the information requested by an individual?
a) No, as it is the individual’s right to request this information you cannot add a charge
b) Yes, unless a SAR relates to one of a small number of special categories of information, you can charge up to £10 for dealing with it.

How did you do?
To ensure that data requests from individuals are dealt with promptly and in line with data protection laws, your staff will need a good knowledge of these rights and will need to know how to follow them up, or you could face heavy penalties from the ICO.

Don’t leave it until tomorrow, book your staff’s training today.

Contact us to discuss your training needs 01673 885 533 or check out our online e-learning courses. We’re here to help.


Answer 1: ALL OF THEM! An individual also has the right to have any inaccurate personal data blocked, corrected, erased or destroyed in certain circumstances and to object to automated decision making regarding their data.
Answer 2: Following a request, you will be expected to respond promptly; however, you do have up to 40 calendar days from the day you received the request to complete it.
Answer 3: The answer is A. Under the GDPR a breach of the data subject’s rights will fall into the higher range of fines; the maximum fine you could receive is 4% of your global turnover or 20 million euros, whichever is greater.
Answer 4: The answer is D – via the telephone! All requests regarding data handling must be made in writing (yes, this even includes a request made on your official Facebook page!). As best practice, we recommend that you let anyone who does call know that the best way for them to submit their request is in writing.
Answer 5: The answer is A. Under the GDPR, for most private, public and third sector organisations NO fee can be charged for a SAR, although this is different for some more complex or specific requests.

