GDPR FAQ


How does the GDPR affect policy surrounding data breaches?

Proposed regulations surrounding data breaches primarily relate to the notification policies of companies that have been breached. Data breaches which may pose a risk to individuals must be notified to the DPA within 72 hours and to affected individuals without undue delay.

Who does the GDPR affect?

The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company's location.

What is the difference between a data processor and a data controller?

A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.

What is the difference between a regulation and a directive?

A regulation is a binding legislative act. It must be applied in its entirety across the EU, while a directive is a legislative act that sets out a goal that all EU countries must achieve. However, it is up to the individual countries to decide how. It is important to note that the GDPR is a regulation, in contrast to the previous legislation, which is a directive.

Does my business need to appoint a Data Protection Officer (DPO)?

DPOs must be appointed in the case of: (a) public authorities, (b) organizations that engage in large scale systematic monitoring, or (c) organizations that engage in large scale processing of sensitive personal data (Art. 37). If your organization doesn't fall into one of these categories, then you do not need to appoint a DPO.

What are the penalties for non-compliance?

€20 million is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design.
