Ethics and Data Protection

Question 1

What is stated in Article 2 GDPR?

Answer 1

1. Material Scope
2. Processing of personal data
3. Exception: household activity

Question 2

What is stated in Article 3 GDPR?

Answer 2

Establishment of a controller or a processor in the Union

Question 3

What is stated in Article 4 GDPR?

Answer 3

Definitions

Question 4

What is personal data?

Answer 4

Any information relating to an identified or identifiable natural person (’data subject’) directly or indirectly

Question 5

What is processing?

Answer 5

Any operation or set of operations which is performed on personal data

Question 6

What is profiling?

Answer 6

Use of personal data to evaluate certain personal aspects relating to a natural person

Question 7

What does the GDPR apply to?

Answer 7

• Article 10 Data relating to criminal convictions and offences
• Article 4 Personal data

Question 8

What are the special categories?

Answer 8

1. Racial or ethnic origin
2. Political opinions, religious or philosophical beliefs
3. Trade Union Membership
4. Genetic and/or biometric data processed for the purpose of identifying a person
5. Health, sexual life or sexual orientation

Question 9

When do the special categories not apply?

Answer 9

1. Explicit consent
2. Made public by the data subject

Question 10

What are the principles related to processing of personal data in Article 5?

Answer 10

1. Lawfulness, fairness, and transparency
2. Purpose limitation
3. Data minimization
4. Data accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability

Question 11

When is processing considered lawful?

Answer 11

When:

1. Freely given
2. Specific
3. Informed
4. Unambiguous

Question 12

What does the purpose limitation ground include?

Answer 12

A purpose must be:

1. Specific
2. Explicit
3. Legitimate
4. Not further processed that is incompatible with the current purpose

Question 13

What are the exceptions in Article 89?

Answer 13

1. Public Interest
2. Scientific or Historical Research purposes
3. Statistical purposes

Question 14

What does the Data minimization ground tell?

Answer 14

1. Adequate, relevant and limited
2. Necessary in relevant to the purpose

Question 15

What does the Data accuracy ground tell?

Answer 15

1. Accurate and kept up-to-date
2. Erased or rectified without any delay if wrong

Question 16

What do we mean with the Integrity and Confidentiality ground?

Answer 16

1. Appropriate security
2. Protection against unauthorised or unlawful processing and against loss
3. Technical and organisational measures for protection

Question 17

Who is accountable?

Answer 17

Controller

Question 18

How can we secure personal data according to Article 32?

Answer 18

Pseudonymisation and Encryption

Question 19

When do we require DPIA?

Answer 19

When a type of processing is likely to result in high risk to the rights of natural persons. It aims to assess the impact on protection of personal data.

Question 20

What is the first thing to do when a data breach occurs?

Answer 20

Notify victims without any delay

Question 21

When is a Data Protection Officer involved?

Answer 21

1. Processing by public authority
2. Systematic monitoring of the data subject
3. Special categories of data