Module 6 - Information Provision Obligations Flashcards

1
Q

What do the transparency obligations under GDPR require?

A
  • EDPB guidance - THREEFOLD OBLIGATION relevant to FAIR PROCESSING DISCLOSURES, CONTROLLER COMMUNICATIONS with DSs and CONTROLLER FACILITATION OF THE EXERCISE OF DS RIGHTS.
  • Controllers must communicate in INTELLIGIBLE AND EASILY ACCESSIBLE FORM, FREE OF CHARGE (except for unfounded or excessive requests).
  • Controllers should use CONCISE, CLEAR AND PLAIN LANGUAGE - not technical.
2
Q

What nine facts should be included in a privacy notice where there is direct processing?

A
  • Details of controller (and DPO, if appointed).
  • Purpose and scope of processing (e.g. legitimate interests).
  • Controller’s legitimate interests (if relevant).
  • Data recipients.
  • Any automated decision-making undertaken.
  • DS GDPR rights.
  • If international/ex-EEA data transfers will occur and the means of legitimising these.
  • Retention period and criteria used to determine storage length.
  • Whether provision of data is a contractual or statutory requirement, or otherwise required to be provided, and the consequences of not doing so.
3
Q

What seven facts should be included in a privacy notice where there is indirect processing?

A
  • All of the detail required if there is direct processing, together with:
    1. Data sources; and
    2. Data categories.
  • Privacy notice must be provided upon first communication with the DS or within a reasonable period after receiving the data (no longer than one month).
4
Q

What are the five exemptions from the requirement to provide an indirect privacy notice?

A
  • Impossibility or disproportionate effort (subject to ensuring rights/freedoms of DS).
  • Privacy notification would render impossible or seriously impair processing (subject to ensuring rights/freedoms of DS).
  • DS already informed.
  • EU / MS law already requires the data processing and appropriately protects individual interests.
  • EU / MS law requires the personal data remain secret.