Lecture 2: Scope of application Flashcards

1
Q

The GDPR is Directly Effective. What does this mean?

A

GDPR is directly effective (Because it’s a regulation rather than a directive). Therefore there is no need for transposition/translation into local national law.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Does the GDPR allow member countries to adopt supplementary laws?

A

Yes, in certain defined areas. (E.g employment)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Does National Law or GDPR take precedent?

A

The GDPR takes precedent over any conflicting national legislation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What does the GDPR apply to? (Material Scope)

A

1) Processing of personal data wholly or partially by automated means
2) Processing of personal data other than by automated means, which form part of, or is intended to form part of a filing system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a data subject?

A

An identified or identifiable natural person

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What does “Personal Data” entail?

A

Personal data is any information relating to an identified or identifiable natural person

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Give three examples of “Personal Data”

A

1) Name
2) Email
3) ID Number
4) Telephone number
5) Appearance
6) Address

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the exceptions from material scope? (I.E What does the GDPR NOT apply to?)

A
  1. Activities with scope outside of EU Law
  2. Member state activities falling within Chapter 2 of Title V of the TEU
  3. Activities by a natural person, purely personal, or household activity
  4. Activities by competent authorities for crime prevention, investigation etc.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the Territorial Scope of GDPR?

A

If a controller/processor is in the Union, the GDPR is effective, regardless whether the processing takes place in the Union or not. (Controller/Processor in EU)

It also takes place if the Data Subject is in the union, even if the controller/processor is not in the union, if the activities are related to:
1) Offering of goods or services (even if payment is not required)
2) The monitoring of their behaviour
(Data Subject in EU)

Finally GDPR applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law. (EU law applies by public international law)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the GDPR Life Cycle?

A
  1. Generation
  2. Use
  3. Transfer
  4. Transformation
  5. Storage
  6. Archival
  7. Destruction
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is a DPA, where are they located, and what is their function?

A

A DPA is a Data Protection Agency and there is one in every member state.
They act as independent public authorities. Their primary function is to supervise the application of data protection law.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Who is the EDPB? What is their function?

A

the European Data Protection Board(EDPB), is an independent European body which contributes to the consistent application of data protection rules throughout the European Union, and promotes cooperation between the EU’s data protection authorities

The EDPB is composed of representatives of the national data protection authorities and the European Data Protection Supervisor (EDPS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What could a sample “Responsibility Checklist” look like?

A

1) Know for which purposes you are processing personal data
2) Know which personal data is needed to fulfil the purposes and legality of processing
3) Know your processing landscape, physically and digitally
4) Adapt your processing accordingly
5) Document the above in your record of processing, cf. Art. 30
6) Be transparent and inform the data subjects.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly