Data Protection Flashcards

1
Q

What people/entities enjoy data protection rights?

A

Live humans

2
Q

What data is protected under GDPR?

A

Personal data

3
Q

Give examples of what counts as personal data.

A

Email, phone number, address, name, genetic info, DNA, CCTV footage of you, your image

4
Q

What does processing involve?

A

Any verb, anything ending in -ing; restricting, gathering, filing - once you are doing it with the intention

5
Q

What specific features does profiling focus on?

A

Age, gender, ethnic origin, religion, race, politics, health, employment status

6
Q

Give examples of special categories of data.

A

**Section 9** - what we have just listed in the previous question - can’t profile us on this unless we consent

“Section 9 data includes ____” - answer: health, race, age, gender etc.

7
Q

What do the following stand for - GDPR, LSA, CSA, OSS?

A

GDPR: General Data Protection Regulation

LSA: lead supervisory authority

CSA: concerned supervisory authority

OSS: one-stop shop

8
Q

When does GDPR apply?

A

Either the supplier, customer / subject, or processing is in / takes place in Europe

9
Q

Name the regs that cover electronic communications.

A

The e-Privacy Regulations 2011

10
Q

What does reg 13 say about spam?

A

Unsolicited communication - spam

You are only allowed to spam someone when they consent to it.

11
Q

When can you spam an ordinary human?

A

Only when they consent to it

12
Q

When can you spam a business?

A

Any time except for mobile phones

13
Q

What is the 12-month rule on spamming?

A

If I sold you goods or services in the last 12 months, I can spam you without your consent once the spam is in relation to the product or something similar

When spamming, you must give the option to unsubscribe

14
Q

What piece of law orders your providers to retain phone and internet traffic?

A

The Data Retention Act 2011

15
Q

How long must your phone traffic be kept for?

A

2 years

16
Q

How long must your internet traffic be kept for?

A

1 year

17
Q

Who is in charge of enforcing data protection in Ireland?

A

Data Protection Commissioner

18
Q

What Irish act implements GDPR in Ireland?

A

Data Protection Act 2018

19
Q

What are the powers of the Data Protection Commissioner?

A

They can stop you from processing, can ask you to provide info to them, can access your site (both your property and your servers), can seize your material, can take and delete your database, can give warnings and advisories, can impose fines

You have to go to court if you want compensation

20
Q

What article gives me the right to sue for compensation for breach of GDPR?

A

Article 82

21
Q

What kind of damage can I sue for?

A

For material and non-material damage

Material - actual loss to me

Non-material - worried, can’t show actual damage yet, worry and anxiety, embarrassment

22
Q

What is an SCC?

A

Standard contractual clause

Approved clauses under which our data can be sent out of Europe

23
Q

When can I legally transfer data out of Europe?

A

If I had a lead supervisory authority approved legal clause

24
Q

What’s the difference between a controller and a processor?

A

Processor answers to the controller - controller tells them what kind of data to collect and process

25
Q

What are the seven principles of data protection?

A

Obtain and process lawfully, fairly and transparently

Purpose and limitation

Data minimisation

Accuracy

Storage limitation - get rid of it when you no longer need it

Integrity and confidentiality - keep it safe and secure

Accountability

26
Q

What is an Article 35 assessment?

A

Has to be carried out if you are going to engage in high-risk processing - anything that deals with Section 9 special categories of information

27
Q

What kind of processing is exempt from GDPR?

A

Once you can show that it’s for the common good, protecting health and morality, fighting crime, archiving, once the interference is proportionate & necessary