CIPPE Module 6 - Information Provision Obligations Flashcards

1
Q

What are controller obligations to Data Subjects?

A
  1. Transparency is a key principle.
    a) Intelligible and easily accessible (written or electronic)
    b) Clear and plain language
    c) Concise

Notice and access to personal data must be provided free of charge, unless the request is excessive.

2
Q

Per A29WP, what are the three key areas where transparency applies?

A
  1. Information provided to data subjects on fair processing
  2. How data controllers communicate the rights of DS to them
  3. How data controllers facilitate the exercise of those rights by the DS.
3
Q

What is a Privacy Statement or Privacy Notice?

A

It is a statement that a DC makes to a DS, giving information on what data is collected, used, retained and disclosed.
See the AWS Privacy Statement for an example.

GDPR creates a tension: the Privacy Statement must contain a lot more than what the DPD required, but it also has to be concise.

4
Q

What are some techniques to make Privacy Notices more concise?

A
  1. Layered Privacy Notices (up to 3 layers)
  2. Just-in-time Notices (delivered just before a user accepts a service)
  3. Standardized Icons (to be developed by the EC).
5
Q

What information must be provided to DS when information is collected directly from them?

A

Per Article 13, at the time of collection:
* Identity and contact of the DC
* Contact info for DPO
* Purpose & Legal Basis
* Legitimate Interest of the controller
* Recipients of the personal data
* Transfer to third country, legal basis (adequacy or safeguards)
* Period for which data is stored
* DS rights
* Right to lodge a complaint
* Is DS obliged to provide PD?
* Existence of automated decision making

6
Q

What information must be provided to DS when information is NOT collected directly from them?

A

Per Article 14:
* The usual list, as applicable when PD is collected from the DS directly, such as:
* Identity and contact of DC, DPO
* Purpose, categories of PD, recipients, etc.

In addition:
* Source of the PD, and categories of data, if applicable

Info is provided within a reasonable time after PD has been obtained (and before further processing), or on first contact, or before disclosure to a recipient.

Communication is not needed if:
* DS already has this info.
* It is not possible or involves disproportionate effort
* It would impair the purpose of processing (e.g. money laundering)
