Data Protection

Question 1

What people/ entities enjoy data protection rights?

Answer 1

Live humans

Question 2

What data is protected under GDPR?

Answer 2

Personal data

Question 3

Give examples of what counts as personal data.

Answer 3

Email, phone number, address, name, genetic info, dna, cctv footage of you, your image

Question 4

What does processing involve?

Answer 4

Any verb, anything ending in -ing; restricting, gathering, filing - once you are doing it with the intention

Question 5

What specific features does profiling focus on?

Answer 5

Age, gender, ethnic origin, religion, race, politics, health, employment status

Question 6

Give examples of special categories of data.

Answer 6

**Section 9 **- what we have just listed in the previous question - can’t profile us on this unless we consent

“section 9 data includes ____” - answer: health, race, age, gender etc

Question 7

What do the following stand for - GDPR, LSA, CSA, OSS

Answer 7

GDPR: general data protection regulation

LSA: lead supervisory authority

CSA: concerned supervisory authority

OSS: one stop shop

Question 8

When does GDPR apply?

Answer 8

Either the supplier, customer / subject, or processing is in / takes place in Europe

Question 9

Name the regs that cover electronic communications.

Answer 9

The e-privacy regulations 2011

Question 10

What does reg 13 say about spam?

Answer 10

Unsolicited communication - spam
Only when someone consents to spam you are allowed to spam them.

Question 11

When can you spam an ordinary human?

Answer 11

Only when they consent to it

Question 12

When can you spam a business?

Answer 12

Any time except for mobile phones

Question 13

12 month rule on spamming?

Answer 13

If I sold you goods or services in the last 12 months, I can spam you without your consent once the spam is in relation to the product or something similar

When spamming, must have the option to unsubscribe

Question 14

What piece of law orders your providers to retain phone and internet traffic?

Answer 14

The data retention act 2011

Question 15

How long must your phone traffic be kept for?

Answer 15

2 years

Question 16

How long must your internet traffic be kept for?

Answer 16

1 year

Question 17

Who is in charge of enforcing data protection in Ireland?

Answer 17

Data protection commissioner

Question 18

What Irish act implements GDPR in Ireland?

Answer 18

Data protection act 2018

Question 19

What are the powers of the data protection commissioner?

Answer 19

They can stop you from processing, can ask you to provide info for them, can access your site both your property and your servers, can seize your material, can take and delete your database, can give warnings and advisories, can impose fines

Have to go to court if you want compensation

Question 20

What article gives me the right to sue for compensation for breach of GDPR?

Answer 20

Article 82

Question 21

What kind of damage can I sue for?

Answer 21

For material and non-material damage

Material - actual loss to me

Non - material - worried, can’t show actual damage yet, worry and anxiety, embarrassment

Question 22

What is an SCC?

Answer 22

Standard contractual clause

Approved clauses under which our data can be sent out of europe

Question 23

When can I legally transfer data out of Europe?

Answer 23

If I had a lead supervisory authority approved legal clause

Question 24

What’s the difference between a controller and a processor?

Answer 24

Processor answers to the controller - controller tells them what kind of data to collect and process

Question 25

What are the seven principles of data protection?

Answer 25

Obtain and process lawfully, fairly and transparently

Purpose and limitation

Data minimisation

Accuracy

Storage limitation - get rid of it when you no longer need it

Integrity and confidentiality - keep it safe and secure

Accountability

Question 26

What is an article 35 assessment?

Answer 26

Has to be carried out if you are going to engage in high-risk processing - anything that deals with section 9 special categories of information

Question 27

What kind of processing is exempt from GDPR?

Answer 27

Once you can show that it’s for the common good, protecting health and morality, fighting crime, archiving, once the interference is proportionate & necessary