Knowledge Base

Questions

Which GDPR principle requires that only strictly necessary data be collected?

The principle of lawfulness
The principle of purpose limitation
The principle of data minimization
The principle of accuracy

Which article of the GDPR requires maintaining a record of processing activities?

Article 15
Article 30
Article 35
Article 39

What is the most common legal basis for data processing in the banking sector under Article 6 of the GDPR?

The explicit consent of the client
Performance of the contract for the client relationship
A legal obligation for AML/CFT requirements
The legitimate interest of the bank

What is the maximum time allowed to respond to a data access request under Article 15 of the GDPR?

One week
Two weeks
One month
Three months

True or False: The right to data portability (Article 20) is less important in the context of Open Banking.

True
False

True or False: A bank may use KYC data for commercial prospecting purposes without a separate legal basis.

True
False

Data Protection Officer (DPO)

Categorize items by dragging them to the appropriate zones

Items to categorize:

Carrefour Banque - €800,000 (November 2020)
American Express Carte France - €1.5 million (November 2025)
NS Cards France - €105,000

Categories:

Breach of information duty or fairness

Failure to secure data