Chapter 6 (Data Processing Principles) Flashcards

1
Q

What are the 6 data protection principles listed in Article 5 of the GDPR?

A
  1. Lawfulness, fairness, and transparency
  2. Purpose limitation
  3. Data minimization
  4. Accuracy
  5. Storage limitation
  6. Integrity and Confidentiality
2
Q

What does the concept of lawfulness re data processing mean within the context of the GDPR?

A

Personal data must only be processed when data controllers have a legal ground for processing the data.

3
Q

What are the 6 legal grounds for processing data under the GDPR?

A
  1. Consent from data subject
  2. Contract Performance: including steps requested by data subject prior to entering contract
  3. Legal obligation
  4. Vital interest of individuals: re data subject or another natural person
  5. Public interest
  6. Legitimate interest: of the controller or of a third party
4
Q

Can the legal ground of legitimate interest be overridden?

A

Yes, by the interests or fundamental rights and freedoms of data subject which require protection of personal data, in particular where the data subject is a child.

5
Q

Can the legitimate interest legal ground apply to processing carried out by public authorities in the performance of their tasks?

A

No.

6
Q

Does the GDPR grant member states the right to determine more specific legal requirements to ensure lawful and fair processing of personal data in specific processing situations? What are the processing situations?

A

Yes.

  1. In relation to employer-employee relationships
  2. To define age of minors
  3. To protect genetic or biometric data
  4. Statistical, historical, or scientific purposes
7
Q

What does the concept of fairness re data processing mean within the context of the GDPR?

A

That data subjects must be aware of the fact that their personal data will be processed, including how the data will be collected, kept, and used.

8
Q

What does the concept of transparency re data processing mean within the context of the GDPR?

A

Means a controller must be open and clear towards data subjects when processing personal data and provide info in a timely manner.

9
Q

Does the GDPR exempt data controllers from the duty to inform in cases when the data were obtained directly from the data subject?

A

Yes.

10
Q

The GDPR frees data controllers from the obligation to provide info when personal data are collected from other sources in what 3 cases?

A
  1. When providing the info will involve disproportionate effort or can be considered impossible.
  2. To protect the data subject’s legit interest, in which case, the disclosure is expressly governed by applicable law.
  3. To preserve the confidentiality of the info, also regulated by the laws to which the data controller is subject.
11
Q

In order to provide clear and easily accessible info what must controllers consider?

A
  1. The most convenient tools or methods to make info available to data subjects
  2. The type of data to be processed
  3. The manner in which the personal data will be collected
  4. Whether the info is obtained directly from the data subject or from another source
12
Q

Does the GDPR promote the use of visual and standardized icons or symbols as alternative means to inform individuals in a concise and clear way?

A

Yes.

13
Q

What does the concept of purpose limitation re data processing mean within the context of the GDPR?

A

Means that data controllers must only collect and process personal data compatible with specified, explicit, and legit purposes.

14
Q

May a controller process personal data beyond its explicitly stated purpose(s)?

A

Only if further processing is considered compatible with the purpose for which the personal data was originally collected.

15
Q

What are the 5 things a controller should consider when assessing whether the further processing is compatible with the original purpose(s)?

A
  1. Any link b/w those purposes and the purposes of the intended further processing
  2. The context in which the personal data has been collected, in particular the reasonable expectations of data subjects based on their relationship with the controller as to their further use.
  3. The nature of the personal data
  4. The consequences of the intended further processing for data subjects
  5. The existence of appropriate safeguards in both the original and intended further processing operations.
16
Q

When a controller’s secondary purpose is incompatible with the original one the controller is required to do what?

A
  1. Properly inform the data subjects
  2. And, either obtain separate consent in relation to the new purpose or satisfy one of the other available legal criteria to justify the processing
17
Q

What does the concept of data minimization re data processing mean within the context of the GDPR?

A

Means data controllers must only collect and process personal data that are relevant, necessary, and adequate to accomplish the purposes for which it is processed.

18
Q

What 2 concepts apply in order to implement data minimization?

A
  1. Necessity
  2. Proportionality
19
Q

How can controllers comply with the GDPR’s accuracy principle?

A

A controller must:
  1. Implement reasonable measures to ensure data are collected from reliable sources
  2. Take necessary care to ensure the data preserve their accuracy during the process of integrating and combining sets of personal data from multiple sources
  3. Update info when necessary

20
Q

What are the implications of the GDPR’s storage limitation?

A

Means personal data must not be kept for longer than necessary for the purposes for which the personal data is processed.

21
Q

How can controllers satisfy their duties under the GDPR’s storage limitation principle?

A

By defining a data retention policy.

22
Q

What does the concept of integrity and confidentiality re data processing mean within the context of the GDPR?

A

That personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.