GDPR Core Flashcards
Copied organization from this deck: https://www.brainscape.com/packs/cipp-e-10493977 Goal is to prepare for the exam my way, but I agree with the organization used by that creator. This is a different approach to the same problem.
Personal Data (EU)
Info relating to an identified or identifiable natural person.
How can a natural person be identified?
Directly or indirectly
Attributes that can be used to identify a person
ID Number
Factors relating to physical, psychological, mental, economic, cultural, or social identity.
What are these?
ID Number
Factors relating to physical, psychological, mental, economic, cultural, or social identity.
Personal data
Natural person
An actual human to whom data applies
Schellman.com definition
Data processing
Any operations performed on personal data.
What are these examples of regarding personal data?
Collection, Recording, Storage, Adaptation, Retrieval, Consultation, Disclosure, Alignment/Combination, Erasure
Data processing
Right to restriction
Individual’s right to limit/prohibit an entity from processing personal data.
Profiling
Any form of automated processing of personal data to evaluate personal aspects.
What does profiling do?
Make predictions about work performance, credit, health, interests, behavior, location, etc.
Automated processing of personal data to make predictions is called…
Profiling
Pseudonymisation
Processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information.
How do you prevent pseudonymisation from being reversed?
Keep identifying information separate from pseudonymized data using technical and organizational measures.
Who does pseudonymized data apply to?
Identified or identifiable natural persons.
Data subjects
Data controller
Determines the purposes and means of the processing of personal data
Who can be a data controller? (4+1)
Natural or legal person
Public authority
Agency
Any other body alone or jointly that determines purpose and means of processing.
May be determined by EU or member state law.
Data processor
Processes personal data on behalf of the controller
Who can be a data processor?
Natural or legal person (other than an employee of the controller)
Public authority
Agency
Can an organization be both a processor and controller?
Yes
What can a natural or legal person, public authority, or agency be? (4)
Data Controller
Data Processor
Data Recipient
Third Party
Data recipient
A person/entity to which personal data is disclosed, except public authorities in an inquiry in accordance with EU/state law.
Who is not regarded as a data recipient?
Public authorities in the “framework” of an inquiry (in accordance with law).