Unit 3 Database - GDPR Data Protection

Question 1

What is the General Data Protection Regulation (GDPR)?

Answer 1

The GDPR is a set of rules designed to give EU citizens greater control over their personal data. It replaces and strengthens existing data protection laws, ensuring they remain relevant in the internet age.

Question 2

When did GDPR come into effect?

Answer 2

GDPR came into force on May 25, 2018.

Question 3

What is UK GDPR?

Answer 3

After the UK left the European Union, a version of GDPR known as UK GDPR was implemented as UK law.

Question 4

What are the six key principles of GDPR regarding data processing?

Answer 4

1. Processed lawfully, fairly, and transparently
2. Used for the declared purpose only
3. Limited to the necessary data
4. Accurate
5. Not kept longer than necessary
6. Held securely

Question 5

Who is a Data Subject under GDPR?

Answer 5

The individual whose personal data is being collected and processed.

Question 6

What qualifies as Personal Data?

Answer 6

Any information that can directly identify an individual, such as their name, address, IP address, or device ID.

Question 7

Who is a Data Controller?

Answer 7

An organization or company that determines how and why personal data is processed.

Question 8

Who is a Data Processor?

Answer 8

A third-party entity that processes personal data on behalf of a Data Controller.

Question 9

What is a Privacy Notice?

Answer 9

A document provided by the Data Controller informing the Data Subject about how their data will be processed and for how long.

Question 10

What are the 8 rights of Data Subjects under GDPR?

Answer 10

1. Right to be informed
2. Right to access
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability
7. Right to object
8. Rights related to automated decision-making and profiling

Question 11

Under what circumstances must personal data be erased?

Answer 11

1. No longer needed for the original purpose
2. Consent is withdrawn
3. The Data Subject objects to processing
4. Data was processed unlawfully
5. Legal requirement to delete it
6. Data was collected from a child without parental consent

Question 12

What is the Right to Data Portability?

Answer 12

The right to move personal data between different services, such as downloading shopping history from a retailer.

Question 13

What is the Right to Object?

Answer 13

The right to object to data processing for direct marketing, research, or where the processing is based on ‘legitimate interest’.

Question 14

What is the Right to Challenge Automated Decision Making?

Answer 14

Data subjects can:
1. Request a human review of decisions
2. Express their viewpoint
3. Obtain an explanation of decisions
4. Challenge the decision

Question 15

What are the lawful bases for processing data under GDPR?

Answer 15

1. Consent
2. Contract
3. Legal Obligation
4. Vital Interest
5. Public Task
6. Legitimate Interest

Question 16

What is a Data Breach?

Answer 16

A security incident that results in personal data being lost, accessed by unauthorized parties, corrupted, or made unavailable.