GDPR Flashcards
What is the definition of personal data?
Any information relating to an identified or identifiable natural person
What are the six principles for data processing?
- Lawfulness, Fairness, Transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and Confidentiality
How does a data controller make the data lawful, transparent, and fair?
Shall be processed lawfully, fairly and in a transparent manner in relation to the data subject
How does a data controller make the data purpose limited?
Shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
How does a data controller make the data minimal?
Shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
How does a data controller make the data accurate?
Shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
How does a data controller make the data storage limited?
Shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
How does a data controller make the data confidential?
Shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
In what six situations is processing of personal data allowed?
- Consent
- Necessity for contract
- Legal obligation
- Vital interest of a natural person
- Necessary for performance of public task
- Legitimate interests of the controller
What are the special categories of data that are prohibited from being processed?
Racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, data concerning a natural person’s sex life or sexual orientation
What are the eight rights of the data subject?
Right to…
1. Information
2. Rectification
3. Erasure/be forgotten
4. Data portability
5. Object
6. Not be subjected to completely automated decision-making
7. Lodge a complaint
8. Judicial remedies
What is the right to transparent information?
The data controller shall provide easily accessible and clear information to the data subject and shall ensure the data subject can exercise their data subject rights
What is the right to rectification?
The right to rectify any incorrect or incomplete information
What is the right to erasure?
The right to have personal data erased if there is no longer a legal basis for the data to be in the hands of the processor
What is the right to data portability?
The right to receive their personal data which they have provided and the right to then transmit that data to another controller (e.g. moving health records to another country)