Employment Relationships Flashcards
Article 88 of the General Data Protection Regulation recognizes that Member States may provide for more specific rules around processing employees' personal data. What are these rules?
These rules must include suitable and specific measures to safeguard the data subject's human dignity, legitimate interest and fundamental rights, with particular regard to the transparency of processing, the transfer of personal data within a group of undertakings or a group of enterprises engaged in a joint economic activity, and monitoring systems at the workplace.
Which grounds do employers usually rely on to process employees' personal data?
- The employee has given consent
- Processing is necessary to fulfill the employment contract between the employer and employee
- Processing is necessary for compliance with a legal obligation to which the employer is subject
- Processing is necessary for the employer’s legitimate interest
Are public authorities able to rely on the legitimate interest ground for processing employees' data?
No
What is an example of the legitimate interest ground to process personal data about employees?
For example, when an employee carries out a structural systems change to migrate employee data from an old payroll system to a new one.
Under the General Data Protection Regulation, what does the notification to employees need to provide in terms of the level of detail?
The purpose of the processing, the legal basis, what the legitimate interests are when that ground is relied upon, the recipients of their data, where the data will be transferred to, and for how long the employer will retain their data.
When is a data protection impact assessment required for monitoring of an individual employee?
A DPIA is required if the monitoring results in or amounts to a systematic and extensive evaluation of personal aspects of individuals that is based on automated processing and on which decisions are based that produce legal effects or similarly significantly affect the individuals.
Which was one of the first DPAs to consider the lawfulness of whistleblowing schemes under EU data protection?
French DPA
What aspects do you need to consider for a whistleblowing policy, taking into account the guidance provided by the French DPA and the WP 29?
- individuals reporting
- individuals incriminated
- confidentiality vs anonymity
- scope of reports
- management of reports
- data retention
- information provision
- rights of incriminated person
- security of reports
- transfers outside the EEA