Data protection concepts

Question 1

4 building blocks of the term “Personal data” are:

Answer 1

• Any information
• Relating to
• An identified or identifiable
• Natural person

Question 2

What are the aspects of term “information”?

Answer 2

• Nature (objective/subjective)
• Content (any sort of information)
• Format (any form)

Question 3

What are the elements of term “relating to”?

Answer 3

• Content (information is about person)
• Purpose (to evaluate/consider/analyze)
• result (impact on rights/interests)

Question 4

Sensitive personal data is data about:

Answer 4

• racial or ethnic
• political
• religious/philosophical
• trade union membership
• genetic data
• biometric for purpose uniq identifying
• regarding health
• sex life/orientation

Question 5

What are the 5 building blocks of concept Controller

Answer 5

1. Natural or legal person, public authority, agency or other body
2. Determines
3. Alone or jointly with others
4. The purpose and means
5. of the processing of PD

Question 6

Example when Controller has no contact with PD but still remains controller

Answer 6

Ordering Marketing research with specific parameters.

Question 7

Converging decision as per Guidelines is

Answer 7

Decision of joint controllers, which complement each other, necessary for processing and have tangible impact on determination of purpose and means

Question 8

Case example of joint controllership

Answer 8

Fashion ID + Facebook like button

Question 9

What are the 2 building blocks of concept Data processor

Answer 9

1. Separate legal entity from Controller
2. Processes PD on behalf of Controller

Question 10

Example when entity can be processor and controller simultaneously

Answer 10

Pay role provider processes PD to administer benefits, but it also can use same data of key management for procurement purposes

Question 11

Which GDPR article sets the requirement for processing agreement?

Answer 11

28

Question 12

requirements as per art 28 for processing agreement:

Answer 12

1. processing only on instructions
2. persons processing data are bound with confidentiality
3. Take all security measures as per art. 32
4. Assist Controller to execute data subject rights
5. Assist Controller to comply with security, DPIA, breach notif.
   Art.32-36
6. At Controller`s choice delete o return PD
7. Help Controller to demonstrate compliance w Art 28 (audit, insp)

Question 13

What are the building blocks of concept Processing?

Answer 13

1. Any operation or sets of operations
2. performed on PD or sets of PD
   such as:
   - Collection
   - recording
   - organization
   - structuring
   - storage
   - adaptation
   - retrieval
   - consultation
   - use
   - disclosure
   - alignment
   - erasure
   - destruction

Question 14

As per territorial scope, GDPR applies to:

Answer 14

• EU-established organizations (in context of their activity)
  -organization offer to sell products - services / or monitor individuals in EU

Question 15

name guidelines detailing territorial scope

Answer 15

EDPB Guidelines 3/2018

Question 16

EU-established organizations means

Answer 16

• company established in EU, doesn`t matter if processing within EU
• establishment = effective and real exercise of activity
• effective = bank account, representative, redirecting on EU web sites

Question 17

GDPR applies to non-EU established companies when

Answer 17

processing data of data subjects who are in EU
- offering goods and services
-monitoring behavior in EU
-

Question 18

exclusions when GDPR does not apply to non-EU established:

Answer 18

Company targets of goods and services on person in EU inadvertently or incidentally

Question 19

113