GENERAL DATA PROTECTION REGULATION Flashcards
What is the GDPR?
A comprehensive data protection regulation that came into effect on May 25 - 2018 - aiming to harmonize data privacy laws across Europe and protect EU citizens’ data privacy.
When did the GDPR come into effect?
May 25 - 2018.
What are the aims of the GDPR?
To harmonize data privacy laws across Europe - protect and empower all EU citizens’ data privacy - and reshape how organizations approach data privacy.
What is the principle of lawful fair - and transparent processing under the GDPR?
Personal data must be processed lawfully - fairly - and transparently.
What is the purpose limitation principle?
Data must be collected for specified - explicit - and legitimate purposes.
What does the data minimization principle entail?
Data should be adequate - relevant - and limited to what is necessary.
What is the data quality principle under the GDPR?
Data must be accurate and kept up to date.
What is the data retention principle?
Data should be kept in a form that permits identification of data subjects for no longer than is necessary.
What does the integrity and confidentiality principle require?
Data must be processed in a manner that ensures appropriate security.
What is the accountability principle?
Data controllers are responsible for compliance and must be able to demonstrate this.
What rights do data subjects have under the GDPR?
Rights of access - rectification - erasure - restriction - portability - objection - refusal of automated decision-making and profiling.