Privacy law & GDPR Flashcards
What is the right to privacy?
It is the right to be let alone and concerns situations where a private interest has been compromised.
What is the right to data protection?
It is the right to the protection of personal data concerning an individual.
What are the key principles of the GDPR?
The key principles of the GDPR are lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality (security); and accountability.
What are the exceptions to transferring personal data to a non-EEA country?
The exceptions are:
- adequacy decisions (where the Commission has decided that the third country ensures an adequate level of protection; such transfers shall not require any specific authorization)
- standard contractual clauses (in the absence of an adequacy decision, only if the controller or processor has provided appropriate safeguards)
What is a Data Protection Impact Assessment (DPIA)?
It is an assessment that is carried out by the controller prior to processing that is likely to result in a high risk to the rights and freedoms of natural persons.
Explain the process of processing, including the roles of controller and processor.
Processing: any operation or set of operations which is performed on personal data.
Controller: ‘the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.’ The controller is the main addressee of obligations under the GDPR and determines the purposes and means of the processing.
Processor: ‘a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.’ The processor is obliged to process personal data only in line with the controller’s instructions.
What is the definition of Personal data?
Any information relating to an identified or identifiable natural person (‘data subject’). E.g. contact details, work details, video surveillance, fingerprints, dynamic IP address.
What is the definition of Special Personal Data (as opposed to Personal Data)?
Special personal data have a larger impact on privacy than ordinary personal data. E.g. data revealing racial or ethnic origin, political opinions, religious beliefs, genetic data, sex life, or sexual orientation.
What is the key principle of ‘lawfulness, fairness and transparency’?
Any processing of personal data should be lawful and fair. The transparency principle requires that the data subject is fully aware of the processing of personal data.
What is the key principle of ‘purpose limitation’?
There should be a purpose that is specific, explicit and legitimate. Purpose has to be specified at the start of the processing.
What is the key principle of ‘data minimization’?
The GDPR requires that the processing of personal data be limited to what is necessary to achieve the purpose.
What is the key principle of ‘accuracy’?
Data must be accurate and kept up to date; this puts a continuous obligation on the controller.
What is the key principle of ‘storage limitation’?
The processing cannot take any longer than strictly necessary for the purpose for which the data was collected.
What is the key principle of ‘integrity & confidentiality’?
Data subjects may be harmed not only by the unlawful processing of their personal data but also as a result of the loss of this data. The controller must implement technical and organizational measures to ensure that personal data is not wrongfully disclosed, hacked or lost.
What is the key principle of ‘accountability’?
The controller is responsible for compliance with many elements of the GDPR and must be able to demonstrate that compliance.