Ethics and Data Protection Flashcards
What is stated in Article 2 GDPR?
- Material Scope
- Processing of personal data
- Exception: household activity
What is stated in Article 3 GDPR?
Establishment of a controller or a processor in the Union
What is stated in Article 4 GDPR?
Definitions
What is personal data?
Any information relating to an identified or identifiable natural person ('data subject'), directly or indirectly
What is processing?
Any operation or set of operations which is performed on personal data
What is profiling?
Use of personal data to evaluate certain personal aspects relating to a natural person
What does the GDPR apply to?
- Article 10 Data relating to criminal convictions and offences
- Article 4 Personal data
What are the special categories?
- Racial or ethnic origin
- Political opinions, religious or philosophical beliefs
- Trade Union Membership
- Genetic and/or biometric data processed for the purpose of identifying a person
- Health, sexual life or sexual orientation
When do the special categories not apply?
- Explicit consent
- Made public by the data subject
What are the principles related to processing of personal data in Article 5?
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Data accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
When is processing considered lawful?
When:
- Freely given
- Specific
- Informed
- Unambiguous
What does the purpose limitation ground include?
A purpose must be:
- Specific
- Explicit
- Legitimate
- Not further processed in a manner that is incompatible with the current purpose
What are the exceptions in Article 89?
- Public Interest
- Scientific or Historical Research purposes
- Statistical purposes
What does the Data minimization ground say?
- Adequate, relevant and limited
- Necessary in relation to the purpose
What does the Data accuracy ground say?
- Accurate and kept up-to-date
- Erased or rectified without any delay if wrong
What do we mean by the Integrity and Confidentiality ground?
- Appropriate security
- Protection against unauthorised or unlawful processing and against loss
- Technical and organisational measures for protection
Who is accountable?
Controller
How can we secure personal data according to Article 32?
Pseudonymisation and Encryption
When do we require a DPIA?
When a type of processing is likely to result in high risk to the rights of natural persons. It aims to assess the impact on protection of personal data.
What is the first thing to do when a data breach occurs?
Notify victims without any delay
When is a Data Protection Officer involved?
- Processing by public authority
- Systematic monitoring of the data subject
- Special categories of data