in the interview 2 persons were there, they asked me very simple questions like CIA triad, Secure by design and few more, basically all of them are theoretical and preety easy to answer, even they did not give me any practical task as well. but remeber when i asked them following 3 things: THEY COMPLETELY FAILED TO ANSWER 1. Please tell me what is the lawfulness of collecting this information as per GDPR? 2. Please tell me the methods of evaluation? and i explained them why it is necessary because competency based answers are all correct it is depends on the evaluator who selecting, my objective was to understand do they have governance on this or they are evaluating based on their personal preferences. 3. Please show me if you already conducted PIA on this, i also explained them why it is necessary because we may deal with the information under Article 9 of GDPR, and the general rule is we cant process this without haveing a good legal basis.