GDPR Core Flashcards
Copied organization from this deck: https://www.brainscape.com/packs/cipp-e-10493977 Goal is to prepare for exam my way, but I agree with the organization used by that creator. This is a different approach at the same problem.
Personal Data (EU)
Info relating to an identified or identifiable natural person.
How can a natural person be identified?
Directly or indirectly
Attributes that can be used to identify a person
ID Number
Factors relating to physical, psychological, mental, economic, cultural, or social identity.
What are these?
ID Number
Factors relating to physical, psychological, mental, economic, cultural, or social identity.
Personal data
Natural personal
An actual human to whom data applies
Schellman.com definition
Data processing
Any operations performed on personal data.
What are these examples of regarding personal data?
Collection Recording Storage Adaptation Retrieval Consultation Disclosure Alignment/Combination Erasure
Data processing
Right to restriction
Individual’s right to limit/prohibit an entity from processing personal data.
Profiling
Any form of automated processing of personal data to evaluate personal aspects.
What does profiling do?
Make predictions about work performance, credit, health, interests, behavior, location, etc.
Automated processing of personal data to make predictions is called…
Profiling
Pseudonymisation
Processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information.
How do you prevent pseudonymisation from being reversed?
Keep identifying information separate from pseudonymized data using technical and organizational measures.
Who does pseudonymized data apply to?
Identified or identifiable natural persons.
Data subjects
Data controller
Determines the purposes and means of the processing of personal data
