Security

Question 1

Before each processing activities takes place, a xxx must be carried out.

It is not based on the xxx to the company, but it focuses on the xxx of the data subject.

There is not a xxx for carrying out xxx but it should be xxx for xxx purposes.

Question 2

Important things to point out in the risk assment:
- general information about the xxx
- probability of a xxx to occur
- impact on the xxx xxx
- xxx/yyy measures to protect …

Question 3

2 types of security measures against … examples

Possible risks for data subject

Question 4

DPIA is more … and … than risk assessment.

The purpose is to evalute the … of high …

3 Examples of activities

Question 5

Art 32 Security of processing.

Taking into account 3 elements x y z the controller shall implement …

Including 4 examples: … of data, ability to ensure the … of data, ability to … data in a …. manner, processes for … … and …. of security measures.

Question 6

What are data breaches? -> Accidental or unlawful …, …, …, … to personal data.

Question 7

Art 33 Obligation to notify the DPA:
- within undue delay, no later than 72hours after becoming aware of it.
- no only if it is unlikely to … and the controller must be … to …. it

Question 8

Art 34 Obligation to notify the data subject:
- only if the breach is likely to… if not the controller should be able to …
- when? (no 72h)
- how? nature of the breach, reccomendations to mitigate the impact.