Data Protection Flashcards
What does GDPR stand for?
General Data Protection Regulation
True or False: GDPR applies only to organizations within the European Union.
False
Which year was the GDPR enacted?
2016
Fill in the blank: GDPR aims to protect the __________ of individuals within the EU.
privacy
What is the primary purpose of GDPR?
To give individuals control over their personal data and to simplify the regulatory environment for international business.
Multiple choice: Which of the following is NOT a right granted under GDPR? A) Right to access B) Right to data portability C) Right to unlimited data retention
C) Right to unlimited data retention
What is required for organizations to process personal data under GDPR?
A legal basis, such as consent or legitimate interest.
True or False: GDPR requires organizations to appoint a Data Protection Officer (DPO) in all circumstances.
False
What is the maximum fine for non-compliance with GDPR?
Up to 20 million euros or 4% of global annual revenue, whichever is higher.
What does ‘data subject’ mean in the context of GDPR?
An individual whose personal data is being processed by an organization.
True or False: GDPR applies only to organizations located within the European Union.
False
Fill in the blank: One of the key principles of GDPR is __________, which means that personal data must be processed lawfully, fairly, and transparently.
lawfulness, fairness, and transparency
Which principle of GDPR states that personal data should be collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes?
Purpose limitation
What is the principle of data minimization in GDPR?
It requires that only data necessary for the purposes of processing is collected.
What knowledge do you have of GDPR and data management practice?
GDPR compliance is an ongoing practice, not a one-time task. Implementing clear policies, staff training, and secure systems helps avoid fines and legal issues.
Only collect necessary data – e.g., tenant references, landlord details, rent payments.
Obtain clear consent – Ensure tenants and landlords know how their data will be used.
Have a legal basis – Most data is processed under contractual necessity, legitimate interest, or legal obligation (e.g., Right to Rent checks).
Secure databases – Use encrypted CRM systems, password protection, and access controls.
Paper files – Keep in locked cabinets, restrict access.
Limit access – Only authorized staff should access sensitive information.
Data retention policy – Delete data when no longer needed (e.g., tenant records after 6 years).
How did you comply with GDPR when collecting the tenants' information?
I ensured that I received the users' consent before storing their information, and once the tenant registration was completed, the tenant would receive a clear privacy policy explaining how their data would be used.
I only collect necessary personal data.
Using an encrypted CMS system.
What regulation states you need permission to hold personal data?
General Data Protection Regulation (GDPR) – Article 6
Under Article 6 of GDPR, an organization must have a lawful basis to process personal data. The six lawful bases are:
1️⃣ Consent – The individual has given clear permission for their data to be used for a specific purpose.
2️⃣ Contract – Data processing is necessary for a contract with the individual (e.g., providing a service).
3️⃣ Legal Obligation – Required by law (e.g., tax records, employment laws).
4️⃣ Vital Interests – Necessary to protect someone’s life (e.g., medical emergencies).
5️⃣ Public Task – Needed for official duties (e.g., government functions).
6️⃣ Legitimate Interests – The organization has a genuine reason, but it must not override the individual’s rights.