European Data Protection Law and Regulation Flashcards
A. Data Protection Concepts
Personal data, sensitive personal data, pseudonymous and anonymous data,
processing, controller, processor, data subject
B. Territorial and Material Scope of the GDPR
Establishment in the EU, non-establishment in the EU
C. Data Processing Principles
Fairness and lawfulness, purpose limitation, proportionality, accuracy, storage
limitation (retention), integrity and confidentiality
D. Lawful Processing Criteria
Consent, contractual necessity, legal obligation, vital interests and public interest,
legitimate interests, special categories of processing
E. Information Provision Obligations
Transparency principle, privacy notices, layered notices
F. Data Subjects’ Rights
Access, rectification, erasure and the right to be forgotten, restriction and objection,
consent (and withdrawal of), automated decision making, including profiling, data
portability, restrictions
G. Security of Personal Data
Appropriate technical and organisational measures, breach notification, vendor
management, data sharing
H. Accountability Requirements
Responsibility of controllers and processors, data protection by design and by
default, documentation and cooperation with regulators, data protection impact
assessments (DPIAs), mandatory data protection officers, auditing of privacy
programs
I. International Data Transfers
Rationale for prohibition, adequate jurisdictions, Safe Harbor and Privacy Shield,
Standard Contractual Clauses, Binding Corporate Rules (BCRs), codes of conduct
and certifications, derogations, transfer impact assessments (TIAs)
J. Supervision and Enforcement
Supervisory authorities and their powers, the European Data Protection Board, role
of the European Data Protection Supervisor (EDPS)
K. Consequences for GDPR Violations
Process and procedures, infringement and fines, data subject compensation