Chapter 9: International Laws Flashcards

1
Q

What is the definition of jurisdiction?

A

The jurisdiction is the land and people subject to a specific court or courts.

2
Q

When did the General Data Protection Regulation (GDPR) take legal effect?

A

In 2018.

3
Q

What is the scope of GDPR?

A

The scope of GDPR is notable for its breadth. The GDPR aims to protect all personal data for everyone in the EU by regulating any entity that handles the data.

4
Q

GDPR: What is the definition of Personal Data?

A

Personal Data includes any information that identifies an individual.

Examples include:
- names
- IP addresses
- geolocation information
- as well as any characteristics of a person that might be used individually or in combination to identify that person.

The GDPR refers to individuals protected by the law as natural persons or data subjects. Importantly, the GDPR does not restrict its scope to citizens of EU member states.

5
Q

GDPR: What is the data controller?

A

Data Controller
A data controller is usually the entity that ultimately is in charge of the data.

The GDPR says that a controller “… determines the purposes and means of the processing of personal data…”

6
Q

GDPR: What is the data processor?

A

Data Processor
A data processor is any other entity that handles personal data for the controller.

For example, a retailer may hire a digital marketing firm to help it increase online sales with better website analytics. In this case, the retailer would be the controller and the marketing firm would be the processor. Under GDPR, both controllers and processors have obligations and liabilities.

With this framework, the GDPR aims to protect data even as it changes hands.

7
Q

Does the GDPR restrict its scope to only citizens of EU member states?

A

The GDPR refers to individuals protected by the law as natural persons or data subjects. Importantly, the GDPR does not restrict its scope to citizens of EU member states.

8
Q

Does GDPR allow the transfer of data to non-EU countries?

A

GDPR prohibits the transfer of data to non-EU countries unless the recipient offers the same privacy protections as the EU.

9
Q

GDPR: What are avenues to transfer data to non-EU countries?

A

GDPR offers a few avenues for approving data transfers outside the EU.

For example, EU authorities decide in advance that a non-EU country has adequate data privacy protections in place to allow data transfers to take place.
This is known as an adequacy decision. Mechanisms to facilitate data transfer between the United States and the EU are in flux, but they include the:
- EU-U.S. Privacy Shield program
- Binding Corporate Rules
- and Standard Contractual Clauses

10
Q

GDPR: What do all data processors and data controllers need to provide?

A
  • transparent notice to customers explaining what data is collected
  • and how data is used
  • and information about any third-parties with whom data may be shared.
11
Q

GDPR: What are the requirements for consent according to GDPR?

A

Consent must be meaningful, and controllers must be able to show that they have obtained consent.

GDPR requires that written consent must be
- “clearly distinguishable from other matters,”
- easy to understand
- accessible

This means that a consent clause may not be buried in some long and obtuse end user agreement.
Data subjects may also retract their consent whenever they like.

12
Q

GDPR: Explain the right to erasure.

A

The right to be forgotten means, quite simply, that EU data subjects have the right to ask data controllers to erase all of their personal data.

A request for erasure may be made in a number of circumstances, including when a data subject withdraws consent. In such cases, controllers are required to erase the personal data in question “without undue delay.”

13
Q

GDPR: What is the simplest mechanism to allow international data transfer to and from the EU?

A

Probably the smoothest and simplest mechanism to allow international data transfers to and from the EU is via an adequacy decision.

An adequacy decision occurs when the EU reviews the privacy laws of another nation and decides those laws are adequate to protect EU data subjects’ privacy at a level commensurate with the provisions of the GDPR.

The European Commission is empowered to make adequacy decisions under the GDPR. Once such a decision is made, international data transfers may occur to and from the EU and the other country without the need for any further legal approval.

An adequacy decision allows the EU to treat a company from another country virtually just like a European country. The EU has only made adequacy decisions in favor of a handful of nations so far, including:

14
Q

GDPR: Can Data Subjects under GDPR pursue damages for any harm caused by a violation of GDPR?

A

Yes.

Data subjects may also pursue damages for any harm caused by a violation of GDPR.

15
Q

GDPR: Penalties and Fines: How high can the fines go?

A

Penalties for violating the GDPR can be very steep. Depending on which provision of GDPR is violated and whether the violation was intentional or negligent, administrative penalties for infringements may reach up to 20,000,000€ or 4% of a company’s annual revenue, whichever is greater.

16
Q

What are the 8 additional rights of Data Subjects under GDPR?

A
  • Right to Erasure
  • Right of access
  • Right of rectification
  • Right to restriction of processing
  • Notification obligations
  • Right to data portability
  • Right to object
  • Automated individual decision-making, including profiling
17
Q

GDPR: Explain the right of access

A

Right of access: Data subjects have the right to:
- know what data is collected
- and why,
- know how their data will be processed
- know with whom their data may be shared
- obtain a copy of their personal data
- and have access to information about how to request erasure under GDPR

18
Q

GDPR: Explain the right of rectification

A

Right to rectification: Data subjects have the right to request corrections to the information collected about them.

19
Q

GDPR: Explain the right to restriction of processing

A

Right to restriction of processing: Data subjects have the right to request that data controllers halt processing activities, without requesting full erasure, in some circumstances.

20
Q

GDPR: Explain the Notification obligations

A

Notification obligations: Data controllers have to notify data subjects when they fulfill requests for erasure, rectification, or restriction of processing.

21
Q

GDPR: Explain the Right to data portability

A

Right to data portability: Data subjects have the right to get a copy of their data in “machine-readable format” so that it can be ingested by other information systems.

This right, for example, helps to prevent companies from locking customers into their products by keeping their data in a proprietary format that can’t be moved to a competitor.

22
Q

GDPR: Explain the Right to object

A

Right to object: Data subjects have the right to object to any processing of their personal data they believe to be out of compliance with GDPR or to opt out of certain processing activities, such as direct marketing. The burden is on the data controller to demonstrate that data processing activities are authorized under GDPR in order to resume.

23
Q

GDPR: Explain the Automated individual decision-making, including profiling

A

Automated individual decision-making, including profiling: This right means that AI, or any “automated processing”, alone can’t make any decisions that have a significant or legal impact on a person.

24
Q

GDPR: What are safe harbor and privacy shield programs for?

A

Safe harbor programs, for example, establish a common set of privacy regulations, and member nations commit to enforcing those privacy standards.

Such arrangements allow companies established in nations with strict privacy regulations to transfer data to and from countries with less-strict laws.
Typically, safe harbor frameworks are aligned with the strictest domestic laws of all members in order to function.

25
Q

Do the U.S. and Europe have a Privacy Shield program in place?

A

With the Privacy Shield program in place, the EU was able to make an adequacy decision to authorize data transfers with U.S. companies in the program.
This program underwent a legal challenge as a result of a case, known as Schrems II, brought by an Austrian privacy advocate. In July 2020, the EU courts struck down the Privacy Shield program and reversed the earlier adequacy decision.

26
Q

GDPR: What legal frameworks can be used to transfer data from Europe to U.S. and back?

A

In the Schrems II ruling, the CJEU left two other avenues in place for U.S. companies to engage in data transfer with the EU.

These include:
- Binding Corporate Rules (BCRs)
- Standard Contractual Clauses (SCCs)
