Privacy and Data protection Law
7 important questions on Privacy and Data protection Law
What is the objective of the GDPR?
What does personal data mean?
- Any information relating to an identified or identifiable natural person (data subject).
- So the Data Subject is a living individual to whom personal data relates.
What is the Data controller?
- where the purpose and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
- Higher grades + faster learning
- Never study anything twice
- 100% sure, 100% understanding
Wh is the distinction between the processor and controller important?
- For compliance.
- the GDPR treats the data controller as the principal party for responsibilities such as collecting consent, managing consent-revoking, enabling right to access, etc.
What and who are data protection authorities or officers?
- Data protection authorities are independent public authorities that supervise, through investigative and corrective powers, the application of the data protection law.
- They provide expert advice on data protection issues and handle complaints lodged against violations of the General Data Protection Regulation and the relevant national laws.
- There is one in each EU Member State.
What is the task of the European Data Protection Supervisor (EDPS)?
- the EU institutions and bodies sometimes process citizens' personal information - in electronic, written or visual format - in the course of their duties. Processing includes collecting, recording, storing, retrieving, sending, blocking or erasing data.
- It is the task of the European Data Protection Supervisor (EDPS) to uphold the strict privacy rules governing these activities.
What are the key rights from the GDPR?
- Consent for collection, use, sharing
- Right of access, data portability
- Right to erasure
- Object automated decisions : The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
- Breach notification: the controller shall not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent.
The question on the page originate from the summary of the following study material:
- A unique study and practice tool
- Never study anything twice again
- Get the grades you hope for
- 100% sure, 100% understanding