Obligations of controllers and processors Flashcards

1
Q

What responsibilities do controllers have?

A

Article 5(2) - Accountability
Article 24 - Responsibilities (implement technical and organisational measures and policies)
Article 25 - Privacy by design/default
Article 26 + 82 - Joint controllers and liability in cases of compensation
Article 27 - Representatives when not established in EU
Article 28(1-3) - Only use processors providing sufficient guarantees and make data processing agreement
Article 30 - Records of processing activities
Article 31 - Cooperation with DPA
Article 32 - Security of processing; tech/org measures
Article 33 - Notification of the DPA of a data breach
Article 34 - Notification of the data subject of a data breach

2
Q

What are a processor’s obligations?

A

Article 28

(1) Provide sufficient guarantees to the controller to implement tech/org measures so that processing is compliant with GDPR
(2) Must obtain consent from controller before engaging a sub-processor
(3) Enter into contract
(4) Liable for performance of sub-processor’s obligations

Article 29 - Only process data on instructions from controller

Article 30 - Keep records of processing activities

Article 33(2) - Notify controller of data breach

Article 37 + 38 - Designate DPO

Article 44 - Transfers only when compliant with chapter V

Article 82 - Processor liable in regards to compensation but exempt if it proves that it is not in any way responsible for the event giving rise to the damage.

3
Q

When is a DPIA in particular required?

A

Article 35(3)

(a) Systematic and extensive evaluation of persons based on automated processing, including profiling, on which decisions are based that produce legal effects or similarly significantly affect the person
(b) Processing on a large scale of Art. 9 data and Art. 10 data
(c) Systematic monitoring of a publicly accessible area on a large scale

4
Q

What must a DPIA contain?

A

Article 35(7)

(a) Systematic description of processing + purposes
(b) Assessment of necessity and proportionality
(c) Assessment of the risks to rights and freedoms
(d) Measures envisaged to address the risks; safeguards, security measures and mechanisms to ensure protection
