Principles Related To DP Flashcards
Explain lawfulness in the context of GDPR
Identification of a legal basis for processing, which includes
- consent of data subject
- performance of a contract to which the data subject is a party
- controller's compliance with a legal obligation
Explain fairness in the context of GDPR
- Avoiding negative impact on data subjects
- Considering reasonable expectation of privacy
- Not misleading or deceiving data subject
Explain transparency in the context of GDPR
- compliance with obligations on information provision to data subjects
- Clear, plain-language, accessible and honest information
- Avoiding opacity (invisible processing)
Explain purpose limitation
Personal data shall be collected for specified, explicit and legitimate purposes
Controllers have to inform data subjects about purposes
Explain data minimisation
Adequate: sufficient to properly fulfil the controller's purpose
Relevant: rational link to the purpose
Explain accuracy in the context of GDPR
Contextual, meaning:
Controllers should ensure that the source and status of personal data is clear
Carefully consider any challenges to the accuracy of information
Explain storage limitations in the context of GDPR
Considering retention periods and retention policies, using erasure and anonymisation
Exceptions apply
Explain integrity and confidentiality in the context of GDPR
- Controllers and processors to implement appropriate security measures
- Security measures must be proportional to the risks associated with processing activities
- Factors that determine the appropriate level of security include the nature of the data and the potential impact on individuals' rights and freedoms
Explain how organisations are held accountable
- Data protection as a risk management policy
- Data protection by design
- Data protection by default
Name and describe all GDPR personae
Data subjects: Individuals to whom the data relates.
Controllers: Entities that determine purposes and means of processing.
Processors: Entities that process data on behalf of a controller.
Data protection officers (DPOs): Individuals responsible for ensuring GDPR compliance.
Supervisory authorities: Public bodies responsible for enforcing GDPR.
What are joint controllers
Two or more entities that jointly determine data processing purposes and means, each responsible for GDPR compliance with a legal basis for processing and a joint agreement outlining their responsibilities and obligations.