Module 8 - Compliance Considerations Flashcards
What are the four bases upon which an employer can legitimise processing of employee data?
Personal data:
- Legitimate interests.
- Performance of employment contract.
- Performance of an employment law obligation.
- Consent.
Special category data:
- Explicit consent.
- Employment law.
Consider local Member State (MS) law for additional employment data processing and storage requirements.
What considerations are relevant to bring-your-own-device arrangements?
- Provide employees notice of BYOD requirements.
- Implement a BYOD policy.
- Assess, identify and oversee where data is stored on the device and the attendant security considerations.
What four considerations are relevant to employee monitoring?
- NECESSITY - Is a less intrusive method available?
- LEGITIMACY - Are there lawful grounds for monitoring?
- PROPORTIONALITY of monitoring measures.
- TRANSPARENCY of monitoring measures.
Generally, where surveillance is lawful, the rights and freedoms of the data subject (DS) should still be respected (Article 23, GDPR).
What considerations are relevant to the usage of CCTV?
- Local law details specific CCTV requirements.
- If there is large scale processing of data then a DPIA is likely to be required.
- Consider the proportionality of CCTV monitoring.
- CCTV-related processing must also be transparent - consider signposting of CCTV.
Under the ePrivacy Directive (Privacy and Electronic Communications Directive), how must direct marketing be legitimised?
B2B direct marketing:
- Postal - Opt-out must be available;
- Phone - Opt-out must be available;
- Digital - Opt-out must be available.
B2C direct marketing:
- Postal - Opt-out must be available;
- Phone - Opt-out must be available (subject to checking the Telephone Preference Service (TPS) register);
- Digital - Opt-in (or 'soft opt-in' for existing customers, limited to similar products/services, with an opt-out offered in every message) must be secured.
Cookies - Opt-in required (except where strictly necessary to provide a service the user has requested; the site operator determines what is necessary and must be able to justify it).