Chapter 6 Data Processing Principles Flashcards

1
Q

What are the data protection principles?

A
  1. Lawfulness, fairness and transparency
  2. Purpose limitation
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality
2
Q

What does the lawfulness, fairness, and transparency principle espouse?

A

processing must have a legal ground and be fair and transparent towards the data subjects.

3
Q

describe the lawfulness principle

A

there must be a legal basis for processing the data, i.e. within the limits of the applicable laws (beyond data protection laws)

4
Q

describe six legal grounds

A
  1. consent
  2. contract performance
  3. legal obligation
  4. vital interest of individual
  5. public interest
  6. legitimate interest
5
Q

describe consent legal ground

A

data subject has given free consent to the processing for one or more specific purposes

6
Q

describe contract performance legal ground

A

processing necessary for the performance of a contract to which the data subject is a party, or steps necessary to enter into a contract with the data subject.

7
Q

describe legal obligation legal ground

A

processing is necessary for compliance with a legal obligation

8
Q

describe vital interest of individuals legal ground

A

necessary to protect the vital interests of the data subject or another natural person.

9
Q

describe public interest legal ground

A

necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

10
Q

describe legitimate interest legal ground

A

necessary for the purposes of legitimate interest of the controller/third party as long as the interests are overridden by the rights and freedoms of the data subject. *doesn’t apply to public authority processing

11
Q

describe the fairness principle

A

means that data subjects must be aware that their data will be processed. incl. how the data will be collected, stored and used. allows the data subject to make a decision.

12
Q

describe the transparency principle

A

controller must be open and clear towards data subjects when processing personal data.

13
Q

What does Recital 89 espouse

A

eliminates notification of processing to the data protection authorities. instead it is encouraged that data subject be informed.

14
Q

describe grounds where the GDPR exempts controllers from the duty to inform data subjects

A
  1. where info is obtained directly from the data subject & the subject is aware of the information.
  2. where providing information would be disproportionate effort
  3. protecting the subject's legitimate interest in which the disclosure is expressly governed by the applicable law
  4. preserving the confidentiality of the information
15
Q

What are controllers expected to do to be ‘transparent’?

A

provide data subjects with data timeously, in a form that is clear, concise and easy to understand.

16
Q

What are the considerations of providing clear and easily accessible information

A

type of data to be processed, manner it will be collected, where the data is sourced (i.e. from data subject herself or other sources)

17
Q

how can processing be transparent when relating to children’s data

A

use simple and plain language to allow children to understand

18
Q

how can processing be transparent when done by a professional specialist

A

no jargon; use simple English

19
Q

how can controllers ensure transparency when making transparency notices

A

no lengthy privacy notices, simple English with on-time privacy notices.

20
Q

describe the purpose limitation principle

A

data must be collected and processed to accomplish explicit and legitimate purposes, and not processed beyond such purposes

21
Q

how can a controller assess whether the secondary use of data is compatible with the original purpose

A

take into account:
1. link between the original purpose and intended further processing.
2. context which the data was collected (reasonable expectations of data subjects)
3. nature of the personal data
4. consequences of further processing
5. existence of proper safeguards.
*must all be fulfilled

22
Q

describe data minimisation principle

A

controllers must only collect and process personal data which is relevant, necessary and adequate to accomplish the purpose for which it is processed.

23
Q

what are the two considerations when ensuring data minimisation

A

necessity and proportionality

24
Q

describe the necessity principle

A

whether the data collected is suitable and reasonable to accomplish the specific purposes

25
Q

describe the proportionality principle

A

controller must consider the amount of data collected and adequacy.

26
Q

what does the controller consider when assessing adequacy

A

consider the potential adverse impact of processing, and whether alternative means exist.

27
Q

describe the accuracy principles

A

controller must take reasonable measures to ensure the data are accurate and where necessary kept up to date.

28
Q

what processes can be implemented to ensure accuracy

A

verify data,

29
Q

describe the storage limitation principle

A

data must not be kept for longer than is necessary for the purpose it is processed. this applies for each process and data.

30
Q

How long can controllers retain data for if the law is silent on retention periods

A

strict minimum

31
Q

Should controllers document different data retention periods for different data sets

32
Q

What should the data controller do with data once the retention period expires

A

delete or
anonymise
archive for statistical, scientific or research purposes.

33
Q

describe the integrity and confidentiality principle

A

ensuring appropriate security of the personal data. incl. ensuring against unauthorised or unlawful processing of data.