Information Provision Obligations Flashcards
Article 14 of the GDPR addresses situations in which personal data is not obtained directly from the data subject. In that case the controller is exempt from certain requirements. What are these?
As the personal data is not obtained directly from the data subject, there is no requirement to inform the data subject whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, or to explain whether the data subject is obliged to provide the personal data and the possible consequences of not doing so.
When do data subjects have the right to object to the processing of personal data?
Where that processing is:
– conducted on the basis of the controller's legitimate interest or is necessary for the performance of a task carried out in the public interest, and this includes the right to object to profiling based on these provisions;
– for the purpose of direct marketing, including profiling to the extent that it is related to direct marketing.
Where personal data is transferred to a third country or international organisation on the basis of the controller's compelling legitimate interests and the controller's own assessment of the circumstances surrounding the transfer, what must the controller inform the data subjects of?
Data subjects must be informed of the transfer and of the compelling legitimate interest pursued by the controller.
Where personal data is transferred to a third country or international organisation on the basis of consent, what do controllers have to inform data subjects?
Data subjects must be informed of the possible risk of the transfer due to the absence of either an adequacy decision from the Commission or other appropriate safeguards, such as data protection clauses adopted by the Commission.
Where personal data is transferred to a third country or international organisation on the basis of binding corporate rules, what information must be provided to data subjects?
Data subjects must be provided with information about the general data protection principles contained in the BCR, data subjects' rights in relation to the processing and how to exercise them, including the right to obtain compensation for breaches of the BCR, and the liability arrangements under the BCR.
Where personal data is obtained from a source other than the data subject, the fair processing information does not need to be provided where:
- the data subject already has this information;
- obtaining or disclosing the personal data is expressly laid down by Union or Member State law to which the controller is subject and which provides appropriate measures to protect the data subject's legitimate interests;
- the personal data must remain confidential subject to an obligation of professional secrecy regulated by Union or Member State law, including a statutory obligation of secrecy;
- the provision of the information proves impossible or would involve a disproportionate effort, provided that the conditions and safeguards are met, or the provision of fair processing information is likely to render impossible or seriously impair the achievement of the objectives of that processing.
What is the difference between the GDPR and the directive in terms of the number of disclosures a controller must make?
The GDPR increases the number of disclosures a controller must make before collecting personal data.
In addition to the identity of the controller, the purposes of processing, and any recipients of personal data, Article 13 requires controllers to disclose how long the data will be stored. Controllers must also inform data subjects of the right to withdraw consent at any time, the right to request access, rectification or restriction of processing, and the right to lodge a complaint with a supervisory authority.
Furthermore, these disclosures must be intelligible and easily accessible, using clear and plain language that is tailored to the appropriate audience.
How is the right to object to processing significantly expanded under article 21 of the GDPR?
Whereas under the Directive the data subject could only object to processing where she could demonstrate compelling legitimate grounds, the GDPR flips the burden, allowing the data subject to object any time processing is based on public interest or the legitimate interests of the controller, unless the controller demonstrates compelling legitimate grounds.
This is in addition to the data subject's right to withdraw consent whenever processing is based on consent.
Within what time must the controller respond to a data subject's access request?
Without undue delay, and within a month of receiving the request.