Personal data Flashcards
What is personal data (include Article)?
Article 4(1) personal data = (1) any information (2) relating to (3) an identified or identifiable (4) natural person.
What are examples of personal data? What happens when they are aggregated?
Examples = gender, age, DOB, marital status, citizenship, veteran status, languages spoken, physical addresses, internal ID numbers, government ID numbers etc.
Aggregation could make a person identifiable.
What is anonymous data? Is it covered by the GDPR?
Data that is not related to an identified or identifiable person and has been rendered unidentifiable.
Recital 26 GDPR states that the GDPR does not apply to anonymous data.
What is pseudonymous data? How is it related to the GDPR?
Not fully anonymous.
Went through a process that detached the aspects of the data attributed to a specific individual (like creating an alias for a person’s name), yet the personal data is still retrievable.
Typically a security measure.
Subject to EU laws.
What does the GDPR say about processing Special Categories of personal data (include Article)? What are the Special Categories?
Article 9(1) Special Categories of personal data = racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Processing of Special Categories of data is prohibited unless:
(a) the data subject has given explicit consent, except where law provides the prohibition may not be lifted by the data subject;
(b) processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security/protection law;
(c) processing is necessary to protect the vital interests of the data subject or of another natural person;
(d) processing is carried out in the course of its legitimate interests with appropriate safeguards by a foundation/not for profit body with a political, philosophical, religious or trade union aim;
(e) processing relates to personal data which are manifestly made public by the data subject;
(f) processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
(g) processing is necessary for reasons of substantial public interest;
(h) processing is necessary for the purposes of preventative or occupational medicine, medical diagnosis etc;
(i) processing is necessary for reasons of public interest in the area of public health;
(j) processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
What is unique about processing personal data related to criminal convictions and offences (include Article)?
Article 10 - should only be carried out under the control of official authority or when the processing is authorised by Union/Member State law providing for appropriate safeguards.
Any comprehensive register of criminal convictions shall be kept only under the control of official authority.