Week 10 Flashcards
What does Article 12 of the Universal Declaration of Human Rights (UDHR) state?
Right to privacy and protection against unlawful interference.
What is guaranteed by Article 8 of the European Convention on Human Rights (ECHR)?
Right to respect for private and family life, home, and correspondence.
What year was the Charter of Fundamental Rights of the EU established?
2000
What does Article 7 of the Charter of Fundamental Rights of the EU establish?
Right to privacy.
What core principles were introduced by the EU Data Protection Directive in 1995?
- Transparency
- Legitimate Purpose
- Proportionality
What is the definition of Personal Data under the UK Data Protection Act 1998?
Information relating to an identifiable individual.
What are considered Sensitive Personal Data?
- Race
- Politics
- Religion
- Health
- Sex life
- Criminal history
List the 8 Data Protection Principles from the UK Data Protection Act 1998.
- Fair and lawful processing
- Specified purposes only
- Data minimization
- Accuracy
- Storage limitation
- Respect for individuals’ rights
- Security
- Restrictions on international transfers
What maximum fine can be imposed for unlawful data processing under the UK Data Protection Act 1998?
£500,000
What major regulation replaced the EU Data Protection Directive in 2016?
EU General Data Protection Regulation (GDPR)
When did the GDPR become effective?
May 25, 2018
What are some key changes introduced by the GDPR compared to previous laws?
- Applies globally for EU citizens’ data
- Larger fines for violations
- Expanded individual rights
- Stricter consent requirements
- Mandatory Data Protection Officers for large organizations
What are the 7 Principles of GDPR according to UK ICO Guidelines?
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
What rights are included in GDPR Data Subject Rights?
- Right to be informed
- Right of access to personal data
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making and profiling
What replaced the EU GDPR in the UK after Brexit?
UK GDPR
What does the Data Protection Act 2018 (DPA 2018) supplement?
UK GDPR
What are some key differences between EU GDPR and UK GDPR?
- New rules for UK-EU transfers
- Removal of EU regulatory oversight
- UK representatives required for non-UK businesses
What is a Data Protection Impact Assessment (DPIA)?
A risk assessment tool required by GDPR Article 35.
When is a DPIA required?
- Profiling with significant effects
- Large-scale processing of sensitive data
- Public monitoring
List the key steps in a DPIA according to UK ICO Guidance.
- Identify the need for a DPIA
- Describe the data processing activities
- Consult stakeholders
- Assess necessity and proportionality
- Identify potential risks
- Implement measures to mitigate risks
- Document findings and review periodically
What is governed by the EU ePrivacy Directive?
Electronic communications privacy.
What does the UK ICO Children’s Code (2020) regulate?
Online services for children.
What does the UK Freedom of Information Act (FOIA) 2000 grant?
Public access to information held by UK public authorities.
True or False: Data protection laws have evolved from human rights frameworks to modern GDPR regulations.
True
