DPA_04-PRINCIPLES AND OBLIGATIONS OF PERSONAL DATA PROTECTION

Question 1

What is the principle of lawful processing of personal data?

Answer 1

Personal data must be processed lawfully, fairly, and transparently.

Question 2

What does the principle of purpose limitation entail?

Answer 2

Personal data should be collected for
1. explicit,
2. specified, and
3. legitimate purposes and not further processed in a manner incompatible with those purposes.

Question 3

What is meant by data minimization?

Answer 3

Personal data collected should be
1. adequate,
2. relevant, and
3. limited to what is necessary for the purposes for which it is processed.

Question 4

How should personal data be maintained according to the accuracy principle?

Answer 4

Personal data must be
1. accurate and
2. kept up to date, with steps taken to rectify inaccuracies without delay.

Question 5

What is the Storage (retention) limitation principle?

Answer 5

Personal data should not be kept in a form that identifies data subjects for longer than necessary for the purposes for which it was collected.

Question 6

What does the principle of security require?

Answer 6

Data controllers and processors must
1. implement appropriate technical and
2. organizational measures to protect personal data against unauthorized access or processing.

Question 7

What is the significance of the right to privacy in data protection?

Answer 7

Personal data must be processed in accordance with the right to privacy of the data subject.

Question 8

What is required for the transfer of personal data outside Kenya?

Answer 8

Personal data may not be transferred outside Kenya unless there are
1. adequate data protection safeguards or
2. consent from the data subject.

Question 9

What is the duty to notify in the context of data protection?

Answer 9

Data controllers must notify data subjects about the collection and processing of their personal data.

Question 10

What is a data protection impact assessment?

Answer 10

It is an assessment to evaluate the impact of processing operations on the protection of personal data.

Question 11

What are the conditions for obtaining consent from data subjects?

Answer 11

Consent must be
1. freely given,
2. specific,
3. informed, and
4. unambiguous.

Question 12

What is the principle of data protection by design?

Answer 12

Data protection measures should be integrated into the development of business processes and systems from the outset.

Question 13

What does the principle of data protection by default entail?

Answer 13

Only personal data necessary for each specific purpose of processing should be processed by default.

Question 14

What rights do data subjects have under the data protection principles?

Answer 14

Data subjects have rights such as access, rectification, erasure, and data portability.

Question 15

What is the obligation of data controllers regarding data breaches?

Answer 15

They must notify the Data Protection Commissioner and affected data subjects of any data breaches.

Question 16

What is the role of the Data Protection Commissioner in enforcing these principles?

Answer 16

The Commissioner
oversees compliance,
conducts audits, and
can impose penalties for violations.

Question 17

What is the significance of transparency in data processing?

Answer 17

Data subjects must be informed about how their personal data is being used, enhancing trust and accountability.

Question 18

What is the principle of accountability in data protection?

Answer 18

Data controllers and processors are responsible for complying with data protection laws and must demonstrate compliance.

Question 19

What is the importance of organizational measures in data protection?

Answer 19

They ensure that data protection principles are implemented effectively within an organization.

Question 20

What is the principle of restriction on processing?

Answer 20

Personal data should not be processed in a way that is incompatible with the purposes for which it was collected.

Question 21

What is the right to object in data protection?

Answer 21

Data subjects have the right to object to the processing of their personal data under certain conditions.

Question 22

What is the principle of fairness in data processing?

Answer 22

Personal data must be processed in a manner that is fair to the data subject, avoiding any negative impact on their rights.

Question 23

What does the principle of transparency require from data controllers?

Answer 23

Data controllers must provide clear and accessible information to data subjects about how their data is processed.

Question 24

What is the significance of explicit consent in data processing?

Answer 24

Explicit consent is required for processing sensitive personal data, ensuring that data subjects are fully aware of the implications.

Question 25

How should data controllers handle inaccurate personal data?

Answer 25

They must take every reasonable step to ensure that inaccurate personal data is erased or rectified without delay.

Question 26

What is the principle of data portability?

Answer 26

Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Question 27

What does the principle of integrity and confidentiality entail?

Answer 27

Personal data must be processed securely to protect against unauthorized access, loss, or damage.

Question 28

What is the role of data protection training for employees?

Answer 28

Employees must be trained on data protection principles to ensure compliance and safeguard personal data.

Question 29

What is the requirement for conducting a data protection impact assessment (DPIA)?

Answer 29

A DPIA is required when processing is likely to result in a high risk to the rights and freedoms of data subjects.

Question 30

What does the principle of accountability entail for data processors?

Answer 30

Data processors must demonstrate compliance with data protection laws and be able to show evidence of their practices.

Question 31

What is the obligation of data controllers regarding data subject rights?

Answer 31

Data controllers must facilitate the exercise of data subject rights, such as access and rectification.

Question 32

What is the significance of documenting processing activities?

Answer 32

Documenting processing activities helps demonstrate compliance and accountability under data protection laws.

Question 33

What is the principle of purpose limitation in data collection?

Answer 33

Data should only be collected for specific, legitimate purposes and not used for unrelated purposes.

Question 34

How does the principle of necessity apply to data processing?

Answer 34

Personal data should only be processed if it is necessary for the intended purpose, avoiding excessive data collection.

Question 35

What is the requirement for data breach notifications?

Answer 35

Data controllers must notify the Data Protection Commissioner and affected individuals without undue delay after becoming aware of a breach.

Question 36

What is the principle of non-discrimination in data processing?

Answer 36

Data subjects should not be discriminated against based on their personal data, ensuring equal treatment.

Question 37

What does the principle of data retention specify?

Answer 37

Personal data should be retained only for as long as necessary to fulfill the purposes for which it was collected.

Question 38

What is the role of third-party processors in data protection?

Answer 38

Third-party processors must comply with data protection principles and ensure adequate safeguards are in place.

Question 39

What is the significance of privacy notices for data subjects?

Answer 39

Privacy notices inform data subjects about their rights and how their data will be used, promoting transparency.

Question 40

What is the principle of risk assessment in data processing?

Answer 40

Data controllers must assess risks associated with data processing activities to implement appropriate safeguards.

Question 41

What is the requirement for consent withdrawal?

Answer 41

Data subjects have the right to withdraw their consent at any time, and this must be made easy and accessible.

Question 42

What is the importance of regular audits in data protection?

Answer 42

Regular audits help ensure ongoing compliance with data protection laws and identify areas for improvement.