Week 8: Legal Issues and GDPR Principles

Question 1

What is a data controller

Answer 1

Determines the purposes and means for using personal data. If you can answer why personal data is being used, you are likely a data controller.

Question 2

What is a data processor

Answer 2

Often a sub-contracted company that handles personal data but does not determine its purpose. They control how data is stored and transferred.

Question 3

What is a data subject

Answer 3

Identified or identifiable natural persons whose data is collected.

Question 4

GDPR Principle: Lawfulness

Answer 4

Lawfulness, Fairness, and Transparency:
Personal data must be processed lawfully, fairly, and transparently.

Question 5

GDPR Principle: Purpose Limitation

Answer 5

Purpose Limitation:
Personal data must be collected for specified, explicit, and legitimate purposes, and not further processed incompatibly with those purposes.

Question 6

GDPR Principle: Data Minimisation

Answer 6

Data Minimisation: Data must be adequate, relevant, and limited to what is necessary for its purpose.

Question 7

GDPR Principle: Accuracy

Answer 7

Accuracy: Data must be accurate and, where necessary, kept up to date.

Question 8

GDPR Principle: Storage Limitation

Answer 8

Storage Limitation: Data must not be kept in identifiable form longer than necessary.

Question 9

GDPR Principle: Integrity and Confidentiality

Answer 9

Integrity and Confidentiality (Security Principle): Data must be secured against unauthorised access, accidental loss, destruction, or damage.

Question 10

GDPR Principle: Accountability

Answer 10

Accountability: Controllers must demonstrate compliance with the data protection principles.

Question 11

Lawful Basis for Processing Under GDPR: Public Interest

Answer 11

Public Interest:
Processing is required for a task carried out in the public interest or under official authority.

Question 12

Lawful Basis for Processing Under GDPR: Consent

Answer 12

Consent:
The data subject has provided clear consent for specific purposes.

Question 13

Lawful Basis for Processing Under GDPR: Legal Obligation

Answer 13

Legal Obligation:
Processing is required to comply with a legal obligation.

Question 14

Lawful Basis for Processing Under GDPR: Legitimate Interest

Answer 14

Legitimate Interest:
Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Question 15

Lawful Basis for Processing Under GDPR: Contract

Answer 15

Contract:
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Question 16

Lawful Basis for Processing Under GDPR: Vital Interests

Answer 16

Vital Interests:
Processing is necessary in order to protect the vital interests of the data subject or of another natural person.

Question 17

Lawful Basis for Processing Under GDPR Acronym

Answer 17

it doesn’t really make sense just sounds easy to say so easy to remember
Public Interest
Consent
Legal Obligation
Legitimate Interest
Contract
Vital Interests

Question 18

GDPR acryonm

Answer 18

PALADIN

P: Purpose Limitation
A: Accountability
L: Lawfulness, Fairness, and Transparency
A: Accuracy
D: Data Minimisation
I: Integrity and Confidentiality
N: (No excess storage) Storage Limitation