18. GDPR

Question 1

GDPR

GDPR

Answer 1

1. Regulation in EU Law on data protection and privacy
2. All individuals within the EU and EEA

EU - European Uniion
EEA - European Economic Area

Question 2

GDPR

Customers in EU/EEA

must comply

Answer 2

If you have customers in EU/EEA, company MUST adhere to GDPR

Question 3

GDPR

Violations and Fines

Answer 3

1. Up to EUR; 20m
2. 4% annual worldwide turnover (preceeding financial year)

Whichever is greater

Question 4

GDPR

Personal Consent

Answer 4

Personal data MAY NOT be processed
UNLESS;
1. Subject provided informed consent
2. At least one legal basis to do so

• Unless express consent given, its not legal to process it
• Anything that can be identified as yours

Question 5

GDPR

Restrictions

Answer 5

1. Lawful interception
2. National Sceurity
3. Military Police
4. Justice System

• Above have rights to the information and restricts GDPR

Question 6

GDPR

Personal Data

Answer 6

1. Names
2. Email addresses
3. Addresses
4. Unsubscribe confirmation URLS (contain email/name/IP address)

Question 7

GDPR

End User Rights

Answer 7

1. Right to access
2. Right to erasure
3. Data portability
4. Breach notification

1. Right to access - Data controllers must provide free copy on request to subject
2. Right to erasure - subjects have “right to be forgotten”
3. Data portability - Users have right to access their data in electronic format
4. Breach notification - Subjects must be notified of breaches within 72 hours

Question 8

GDPR

Right to access

End User Rights

Answer 8

Data controllers must provide free copy on request to subject

Question 9

GDPR

Right to erasure

End User Rights

Answer 9

subjects have “right to be forgotten”

• Where there are no laws or regulations for a company to be keeping your data

Question 10

GDPR

Data Portability

End User Rights

Answer 10

Users have right to access their data in electronic format

Question 11

GDPR

Breach Notification

End User Rights

Answer 11

Subjects must be notified of breaches within 72 hours

Question 12

GDPR

Privacy by Design

Answer 12

Care MUST be taken to ensure personal data is secure

• Only data that is “absolutely necessary for completio of duties” is stored

Question 13

GDPR

Data Protection Officers

Answer 13

Companies MUST appoint a Data Protection Officer

• Where companies whose activities involve data processing and monitoring
• Senior management liable. Does not mean other people are not
• Remember due dilligence and due care

Question 14

GDPR

Legacy Laws in EU and between EU and US

Answer 14

1. EU Data Protection Directive
2. EU-US Safe Harbor
3. Privacy Shield

Question 15

GDPR

EU Data Protection Directive

Legacy Laws in EU and between EU and US

Answer 15

Predecessor to GDPR

• Pro privacy law
• Organisations must notify individuals how they gather and use data
• Allow subjects to opt out of sharing your data with third parties
• Subjects must opt in for use of most sensitive data
• Not legal to transport data outside of EU unless that country has adequate (same level) of privacy protection
• US as example does not have same level of protections
• No longer exists

Question 16

GDPR

EU-US Safe Harbor

Legacy Laws in EU and between EU and US

Answer 16

Framework on data exchange

• Allowed US companies access to EU entities under EU privacy laws
• No longer exists
• Invalid in EU court of justice Oct 2015

Question 17

GDPR

Privacy Shield

Legacy Laws in EU and between EU and US

Answer 17

Framework on data exchange

• Allowed US companies access to EU entities under EU privacy laws
• No longer exists
• Invalid in EU court of justice July 16th 2020