Articles

Question 1

What is the main topic for GDPR Chapter 1 Articles 1- 4?

Answer 1

General Provisions

Question 2

What is the main topic for GDPR Chapter 2 Articles 5 - 11?

Answer 2

Principles

Question 3

What is the main topic for GDPR Chapter 3 Articles 12 - 23?

Answer 3

Rights of the data subject

Question 4

What is the main topic for GDPR Chapter 4 Articles 24 - 43?

Answer 4

Controller and processor

Question 5

What is the main topic for GDPR Chapter 5 Articles 44 - 50?

Answer 5

Transfers of personal data to third countries or international organizations

Question 6

What is the main topic for GDPR Chapter 6 Articles 51 - 59?

Answer 6

Independent supervisory authorities

Question 7

What is the main topic for GDPR Chapter 7 Articles 60 - 76?

Answer 7

Cooperation & consistency

Question 8

What is the main topic for GDPR Chapter 8 Articles 77 - 84?

Answer 8

Remedies, liability and penalties

Question 9

What is the main topic for GDPR Chapter 9 Articles 85 - 91?

Answer 9

Provisions relating to specific processing situations

Question 10

What is the main topic for GDPR Chapter 10 Articles 92 - 93?

Answer 10

Delegated acts and implementing acts

Question 11

What is the main topic for GDPR Chapter 11 Articles 94 - 99?

Answer 11

Final provisions

Question 12

• Sets out rules about how personal data is processed
• Protects people’s rights and freedoms in relation to personal data
• Ensures that personal data can move freely within the EU.

Answer 12

Article 1
Subject - matter & objectives

Question 13

• Applies where data is processed automatically or is part of a filing system
• Doesn’t apply to purely domestic or personal activity
• Doesn’t apply to certain law enforcement activities.
  Article 3 - Territorial Scope

Answer 13

Article 2
Material Scope

Question 14

The GDPR:

• Applies to any data processing that takes place in the EU (no matter where the person or organization doing the processing is based)
• Applies to anyone:
  * Offering goods or services (paid or free) in the EU, or
  * Monitoring people’s behavior in the EU

Answer 14

Article 3
Territorial scope

Question 15

• Personal data - information that can be used to identify an individual.
• Processing - any action taken with personal data.
• Controller - any body or organization that decides how or why personal data is processed.
• Processor - any body or organization that processes personal data for a controller.
• Consent - A statement or affirmative action that shows agreement to having personal data processed. Must be freely given, specific, informed and unambiguous

Answer 15

Article 4
Definitions

Question 16

All personal data processing must adhere to six principles, which are the responsibility of the data controller:

• Lawfulness, fairness and transparency;
• Limitation of processing to legitimate purposes;
• Data minimization;
  Accuracy;
• Limitation on time period of storage;
• Integrity and confidentiality.

Answer 16

Article 5
Principles relating to processing of personal data

Question 17

All personal data processing must occur under one of six lawful bases:

• Consent;
• Contract;
• Legal obligation;
• Vital interests;
• Public task;
• Legitimate interests.

Answer 17

Article 6
Lawfulness of processing

Question 18

Consent must be:

• Freely given;
• Given via a clear, affirmative act (opt-in);
• Easy to withdraw.

Answer 18

Article 7
Conditions for consent

Question 19

If you need to process the personal data of a child under the age of 16 for “information society services” and you’re relying on consent as your lawful basis for doing this, you need the consent of their parent or carer.

You also need to take reasonable steps to make sure it was actually their parent or carer that consented.

Information society service (ISS) broadly means any online service - apps, websites, games, streaming services.

Answer 19

Article 8
Conditions applicable to child’s consent in relation to information society services

Question 20

Special categories of personal data include information about a person’s:
Race; Political views; Religion or beliefs; Sex life; Genetic, biometric or health data; Union membership.

You may only process special category data under very specific circumstances, including:

• You have a person’s consent in connection with a specific purpose;
• The person’s life is at risk;
• You’re a not-for-profit organization and can demonstrate that it’s in your legitimate interests.

Answer 20

Article 9
Processing of special categories of personal data

Question 21

You can only process data about people’s criminal convictions if:

• You’re doing so under the control of an official authority
• You’re authorized to do so under the GDPR-compliant law of an EU Member State.

Answer 21

Article 10
Processing of personal data relating to criminal convictions and offences

Answer 22

Article 11
Processing which does not require identification

Answer 23

Article 12
Transparent information, communication and modalities for the exercise of the rights of the data subject

Answer 24

Article 13
Information to be provided where personal data are collected from the data subject

Answer 25

Article 14 Information to be provided where personal data have not been obtained from the data subject

Answer 26

Article 15 Right of access by the data subject

Answer 27

Article 16 Right to rectification

Answer 28

Article 17 Right to erasure (‘right to be forgotten’)

Answer 29

Article 18 Right to restriction of processing

Answer 30

Article 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing

Answer 31

Article 20 Right to data portability

Question 32

Article 21

Answer 32

Right to object

Question 33

Article 22

Answer 33

Automated individual decision-making, including profiling

Question 34

Article 23

Answer 34

Restrictions

Question 35

Article 24

Answer 35

Responsibility of the controller

Question 36

Article 25

Answer 36

Data protection by design and by default

Question 37

Article 26

Answer 37

Joint controllers

Question 38

Article 27

Answer 38

Representatives of controllers or processors not established in the Union

Question 39

Article 28

Answer 39

Processor

Question 40

Article 29

Answer 40

Processing under the authority of the controller or processor

Question 41

Article 30

Answer 41

Records of processing activities

Question 42

Article 31

Answer 42

Cooperation with the supervisory authority

Question 43

Article 32

Answer 43

Security of processing

Question 44

Article 33

Answer 44

Notification of a personal data breach to the supervisory authority

Question 45

Article 34

Answer 45

Communication of a personal data breach to the data subject

Question 46

Article 35

Answer 46

Data protection mpact assessment

Question 47

Article 36

Answer 47

Prior consultation

Question 48

Article 37

Answer 48

Designation of the data protection officer

Question 49

Article 38

Answer 49

Position of the data protection officer

Question 50

Article 39

Answer 50

Tasks of the data protection officer

Question 51

Article 40

Answer 51

Codes of conduct

Question 52

Article 41

Answer 52

Monitoring of approved codes of conduct

Question 53

Article 42

Answer 53

Certification

Question 54

Article 44

Answer 54

General principle for transfers

Question 54

Article 43

Answer 54

Certification bodies

Question 55

Article 45

Answer 55

Transfers on the basis of an adequacy decision

Question 56

Article 46

Answer 56

Transfers subject to appropriate safeguards

Question 57

Article 47

Answer 57

Binding corporate rules

Question 58

Article 48

Answer 58

Transfers or disclosures not authorized by Union law

Question 59

Article 49

Answer 59

Derogations for specific situations

Question 60

Article 50

Answer 60

International cooperation for the protection of personal data

Question 61

Article 51

Answer 61

Supervisory authority

Question 62

Article 52

Answer 62

Independence

Question 63

Article 53

Answer 63

General conditions for the members of the supervisory authority

Question 64

Article 54

Answer 64

Rules on the establishment of the supervisory authority

Question 65

Article 56

Answer 65

Competence of the lead supervisory authority

Question 66

Article 55

Answer 66

Competence

Question 67

Article 57

Answer 67

Tasks

Question 68

Article 58

Answer 68

Powers

Question 69

Article 59

Answer 69

Activity reports

Question 70

Article 60

Answer 70

Cooperation between the lead supervisory authority and the other supervisory authorities concerned

Question 71

Article 61

Answer 71

Mutual assistance

Question 72

Article 62

Answer 72

Joint operations of supervisory authorities

Question 73

Article 63

Answer 73

Consistency mechanism

Question 74

Article 64

Answer 74

Opinion of the Board

Question 75

Article 65

Answer 75

Dispute resolution by the Board

Question 76

Article 66

Answer 76

Urgency procedure

Question 77

Article 67

Answer 77

Exchange of information

Question 78

Article 68

Answer 78

European Data Protection Board

Question 79

Article 69

Answer 79

Independence

Question 80

Article 70

Answer 80

Tasks of the Board

Question 81

Article 71

Answer 81

Reports

Question 82

Article 72

Answer 82

Procedure

Question 83

Article 73

Answer 83

Chair

Question 84

Article 74

Answer 84

Tasks of the Chair

Question 85

Article 75

Answer 85

Secretariat

Question 86

Article 78

Answer 86

Right to an effective judicial remedy against a supervisory authority

Question 87

Article 76

Answer 87

Confidentiality

Question 88

Article 77

Answer 88

Right to lodge a complaint with a supervisory authority

Question 89

Article 79

Answer 89

Right to an effective judicial remedy against a controller or processor

Question 90

Article 80

Answer 90

Representation of data subjects

Question 91

Article 81

Answer 91

Suspension of proceedings

Question 92

Article 82

Answer 92

Right to compensation and liability

Question 93

Article 83

Answer 93

General conditions for imposing administrative fines

Question 94

Article 84

Answer 94

Penalties

Question 95

Article 85

Answer 95

Processing and freedom of expression and information

Question 96

Article 86

Answer 96

Processing and public access to official documents

Question 97

Article 87

Answer 97

Processing of the national identification number

Question 98

Article 88

Answer 98

Processing in the context of employment

Question 99

Article 89

Answer 99

Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes

Question 100

Article 90

Answer 100

Obligations of secrecy

Question 101

Article 91

Answer 101

Existing data protection rules of churches and religious associations

Question 102

Article 92

Answer 102

Exercise of the delegation

Question 103

Article 93

Answer 103

Committee procedure

Question 104

Article 94

Answer 104

Repeal of Directive 95/46/EC

Question 105

Article 95

Answer 105

Relationship with Directive 2002/58/EC

Question 106

Article 96

Answer 106

Relationship with previously concluded Agreements

Question 107

Article 97

Answer 107

Commission reports

Question 108

Article 98

Answer 108

Review of other Union legal acts on data protection

Question 109

Article 99

Answer 109

Entry into force and application