Answers / Risk & Compliance

Explain GDPR’s key principles.

A core Risk & Compliance interview question — asked in analyst and associate interviews across IB, PE, and the Big 4.

THE SHORT ANSWER

Six principles (Art. 5): lawfulness/fairness/transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity/confidentiality. Plus accountability — the controller must demonstrate compliance. Key rights: access, erasure, portability, rectification. Lawful bases include consent, contract, legal obligation, legitimate interest. Breaches notifiable within 72 hours. Fines up to 4% of global turnover or €20M.

WHAT INTERVIEWERS LISTEN FOR

  • Six principles (Art. 5)
  • Accountability requirement
  • Key data subject rights
  • Lawful bases for processing
  • 72-hour breach notification

COMMON MISTAKES

  • Omitting accountability principle
  • Confusing GDPR with CCPA
  • Forgetting 72-hour notification deadline

Reading isn't the same as answering under pressure.

Interviewers don't hand you the model answer — you deliver yours on a clock. Practice this and 1,000+ questions with AI feedback on every answer.

TRY QUICKFIRE →Or train full Risk & Compliance case simulations →

RELATED QUESTIONS