Module 4: Processing Personal Data Flashcards
What is processing?
Any operation performed on personal data.
What are the GDPR principles of processing?
Lawfulness, fairness and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
What’s the territorial scope of the GDPR?
Processing of personal data where a controller or processor is in the EU
Processing of personal data of data subjects in the EU relating to offering of goods/services or monitoring behaviour in the EU
Processing of personal data by a controller not established in the EU but in a place where member state law applies by virtue of public international law
What is the material scope of the GDPR?
Article 2 - the processing of personal data wholly or partly by automated means or processing other than by automated means of personal data which forms part of a filing system.
What are the lawful grounds for controllers to process data?
Consent
Contractual necessity
Legal obligation
Vital interests
Public interest
Legitimate interests
What is consent?
A clear affirmative act
Freely given
Specific and informed
Unambiguous
Indication of wishes
Written, electronic, oral or any other means
Conditional - can be withdrawn
Consent has elevated requirements, so is the least reliable basis for processing
What is the least reliable basis for processing?
Consent, due to elevated requirements and the ability to be withdrawn.
Consent for children’s data must be with authorisation of…
A parent or guardian (under 16 years old)
What is legitimate interest?
Where processing is necessary and the interests are balanced against the data subject’s. The criteria for this are more restrictive.
Special category data is prohibited for processing except if…
Explicit consent has been given
It is in the context of employment
It supports the vital interests of the individual
For political, philosophical or religious purposes
The sensitive data is manifestly made public