Module 3 Flashcards

Controllers and processors

1
Q

Controller

A

Article 4(7): ‘the natural or
legal person, public authority,
agency or other body which,
alone or jointly with others,
determines the purposes and
means of the processing of
personal data’

Means may be delegated; the purposes
are set by the controller

2
Q

Joint controllers

A

Where two or more
controllers jointly determine
the purposes and means of
processing, they shall be
joint controllers.
(Article 26)

3
Q

Processor

A

Article 4(8): ‘a natural or legal
person, public authority,
agency or other body which
processes personal data on
behalf of the controller’

4
Q

Processor as controller

A

If a processor infringes this
Regulation by determining
the purposes and means of
processing, the processor
shall be considered to be a
controller in respect of that
processing (Article 28)

5
Q

Vendor management

A
  • Choose reliable processors
  • Maintain quality control and
    compliance throughout the
    duration of the arrangements
  • Frame the relationship in a
    contract (or other legally
    binding act)
6
Q

Engaging processors - Pre-contractual due diligence

A
  • Appropriate technical and organisational measures to secure data
  • Processor’s data protection knowledge
  • Recent high profile breaches
  • Under investigation?
  • Accreditation
  • Processor’s policy framework
  • Sub-processors
7
Q

Engaging processors - Components of a contract

A

Article 28
- Subject matter, duration and nature of the data processing
- Types of personal data and categories of data subjects
- Obligations and rights of the controller
- The processor’s responsibilities

8
Q

Engaging processors - Contractual terms

A
  • Process on documented instructions only
  • Ensure confidentiality
  • Implement appropriate security
  • Get controller’s consent to engage processors
  • Assist with data breach notifications
  • Delete or return personal data
  • Assist the controller in providing for data subject rights
  • Demonstrate GDPR compliance
  • Contribute to audits, including inspections
9
Q

Types of agreement

A
  • Data processing agreement (controller and processor)
  • Sub-processing agreement (processor and sub-processor)
  • Data exchange agreement (controller and
    controller)
  • Other ‘mutual arrangement’ (independent
    controllership)
10
Q

True or false: A data controller
may be a natural person or a
legal entity, while a data
processor must be a legal
entity

A

False: Both the processor and the controller can be either a natural person or a legal person.

11
Q

True or false: A contract protects a processor from being held to the same legal obligations as the controller.

A

False

12
Q

True or false: A processor may decide where and how to process personal data.

A

False
