Module 4 - Processing Personal Data

Question 1

What is data processing?

Answer 1

any operation or set of operations which is performed on personal data by any means

Question 2

What do the OECD guidelines refer to?

Answer 2

Protection of privacy and transborder flow of personal data

Question 3

How many principles encompass the OECD guidelines?

Answer 3

8 principles

Question 4

What are the 8 principles of the OECD guidelines?

Answer 4

1. Collection Limitation - limits the collection of PD to fair and lawful means with the consent of data subject
2. Data Quality - relevant to the purpose intended, accurate, complete and up to date
3. Purpose Specification - fit for purpose
4. Use Limitation - limited use with consent/law
5. Security safeguards - protect data from risks (loss, access, modification, destruction, disclosure)
6. Openness
7. Individual Participation - right to obtain, forget, disclose, correct
8. Accountable - data controllers should have compliance with the above principles

Question 5

What are GDPR principles?

Answer 5

1. Purpose Limitation
2. lawfulness and transparency of processing
3. Data minimization and proportionality
4. Accuracy
5. Storage Limitation - relevant and necessary
6. integrity and confidentiality - PD is secure
7. Accountability - processing PD responsibly

Question 6

What is the territorial scope of GDPR?

Answer 6

1. when a controller or processor is in EU
2. Services offered to EU data subjects in EU
3. By a controller where member state law applies

Question 7

What exclusions are there for GDPR applicability?

Answer 7

1. Activities outside of the EU
2. Law enforcement and public security
3. Personal or household activities

Question 8

What lawful grounds for the processing of personal data must exist?

Answer 8

1. Consent
2. Contract
3. Legal Obligation
4. Vital Interests
   5 Public interest or official authority
5. Legitimate interests

Question 9

What are the key factors linked to providing consent for the collection of personal data?

Answer 9

1. Lawful processing
2. Freely Given
3. Specific
4. Informed
5. Unambiguous
6. Children - parental concent needed 13-16 yrs of age

Question 10

Exclusions to Material scope for GDPR include?

Answer 10

1. Activities outside the scope of the EU law
2. Law enforcement and public security
3. Purely personal or household activites

Question 11

Should material scope exclusions be considered narrowly or broadly.

Answer 11

They should be considered narrowly!

Question 12

Out of the 6 lawful grounds/conditions for personal data to be processed, how many conditions need to need to be met for the processing of personal data to be lawful?

Answer 12

one

Question 13

Which lawful processing criteria is used processing criteria is commonly used when a customer purchases a good or service?

Answer 13

Contract

Question 14

The general starting point for the processing of special categories of data is prohibited. Ture or False?

Answer 14

True

Question 15

Which exception to the prohibition on processing special categories of personal data must be explicit?

Answer 15

Consent