GDPR Flashcards
Which activities fall within the material scope of the GDPR?
- Processing personal data wholly or partly by automated means. This is any processing operation performed without or partly without human intervention. It should not be confused with automated decision-making, which has rigid restrictions under the GDPR.
- The material scope also covers personal data that forms part of a filing system. This applies even if the processing is not conducted by automated means.
What are the three criteria for GDPR territorial scope? How many do you need for the GDPR to apply?
- One: Processing of personal data when a controller or processor is established in the EU (regardless of whether or not the actual processing takes place in the EU)
- Two: Processing of personal data of data subjects in the EU relating to offering goods or services or monitoring behavior (regardless of whether or not the controller or processor is established in the EU)
- Or, three: Processing of personal data by a controller not established in the EU but in a place where member state law applies.
You only need one.
What does GDPR stand for? When was it enacted, and by whom?
Global Data Protection Regulation, published 2016/in effect 2018 by the European Union
GDPR processing definition
“any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”
What are the basic consumer rights under the GDPR?
Consumer rights allow individuals to withdraw consent, request a copy of their personal data, freeze processing of their personal data and object to automated decision-making.
What are the basic business obligations under the GDPR?
Organizations must provide notice to process personal data, ensure compliance of data transfers, implement data protection by design and default, take responsibility for vendor processing, maintain appropriate data security, and keep records and demonstrate compliance.