CIPP/E GDPR Terms

Right to data portability

Requires controllers to provide personal data to the data subject in a commonly used format and to transfer that data to another controller if the data subject so requests

Exceptions to transferring personal data outside the EU without adequate protections

- Explicit consent
- For the performance of a contract
- Important reasons of public interest
- Establishment, exercise or defense of legal claims
- To protect vital interests where the data subject is physically or legally incapable of giving consent
- Made from a register that is intended to provide information to the public

Data protection principles

- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability

Processors' records of processing to keep

- contain contact information for the processor(s) and controller(s)
- the categories of processing carried out for each controller
- information on cross-border transfers if applicable
- a general description of the implemented technical and organizational security measures

Processors' duties to controllers

- process data only as instructed by controllers
- use appropriate technical and organizational measures to comply with the GDPR
- delete or return data to the controller once processing is complete
- submit to specific conditions for engaging other processors

Information provided to data subjects when their information is collected

- that the controller intends to transfer personal data to a third country or international organization
- that such transfer is pursuant to an adequacy decision by the Commission
- reference to the appropriate or suitable safeguards and the means for the data subject to obtain them

Disclosures a controller must make before collecting personal data

- the identity of the controller
- the purposes for processing
- any recipients of personal data
- how long the data will be stored
- the right to withdraw consent at any time
- the right to request access, rectification or restriction of processing
- the right to lodge a complaint with a supervisory authority

Factors in determining data protection adequacy for cross-border transfer

- the specific processing activities
- access to justice
- international human rights norms
- the general and sectoral law of the country
- legislation concerning public security, defense and national security
- public order
- criminal law

Affirmative actions signaling consent

- ticking a box on a website
- choosing technical settings for information society services
- another statement or conduct that clearly indicates assent to the processing

Top 10 operational impacts of GDPR

1. Data Security and Breach Notification Standards
2. The Mandatory DPO
3. Data Subject Consent
4. Cross-border Data Transfers
5. Profiling and the Right To Object
6. The New Rights To Be Forgotten and to Data Portability
7. Clarifying Duties and Responsibilities of Controllers and Processors
8. 'Pseudonymization' of Personal Data
9. Codes of Conduct and Certifications
10. Complex Administrative Procedures and Hefty Fines

GDPR's new requirements for consent

1. the right to withdraw consent at any time and it shall be as easy to withdraw consent as to give it
2. consent is not freely given if there is a clear imbalance of power
3. consent must be specific to each data processing operation

Explicit consent

All situations where individuals are presented with a proposal to agree or disagree to a particular use or disclosure of their personal information and they respond actively to the question, orally or in writing

Binding Corporate Rules

Allow companies to make intra-organizational transfers of personal data across borders in compliance with EU Data Protection Law

Right to be forgotten

Allows individuals to request the deletion of personal data, and, where the controller has publicized the data, to require other controllers to also comply with the request

Profiling examples

Analyzing or predicting aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements

Data protection by design and by default

Controllers should design products with privacy in mind, rather than tacking it on as an afterthought, and privacy-protective settings should be the default in any product

Special categories of data

Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, and the like

Direct identifiers

Data that can be used to identify a person without additional information or with cross-linking through other information that is in the public domain

How consent must be given

Freely given, specific, informed and unambiguous by a statement or by a clear affirmative action.

Data Subject Consent

The GDPR requires the data subject to signal agreement by "a statement or a clear affirmative action."

How photographs qualify as biometric data

When they are processed through a specific technical means allowing the unique identification or authentication of a natural person

Personal data breach

a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed

Personal data

any information relating to an identified or identifiable natural person ('data subject')

Profiling

involves (a) automated processing of personal data; and (b) using that personal data to evaluate certain personal aspects relating to a natural person

Pseudonymization

the separation of data from direct identifiers so that linkage to an identity is not possible without additional information that is held separately

Joint controllers

when two or more controllers jointly determine the purposes and means of processing

