Chapter GDPR Flashcards
structure GDPR
chapter 1
Article 1-4 General Provision
- subject matters and objectives
- Material scope
- Teritorial Scope
- Definitions
chapter 2
Article 5 -11 Principles
- Principles
- Lawfulness of processing
- condition of consent
- Conditions applicable to child’s consent in relation to information society services
- Processing of special categories of personal data
- Processing of personal data relating to criminal convictions and offences (6 1)
- Processing which does not require identification
chapter 3
article 12-23 right of the data subject
- Transparent information, communication and modalities for the exercise of the rights of the data subject (13/14/15/22/34)
- Information to be provided where personal data are collected from the data subject
- Information to be provided where personal data have not been obtained from the data subject
- Right of access by the data subject
- Right to rectification
- Right to erasure (‘right to be forgotten’)
- Right to restriction of processing
- Notification obligation regarding rectification or erasure of personal data or restriction of processing
- Right to data portability
- Right to object
- Automated individual decision-making, including profiling
- Restrictions
chapter 4 section 1 (5)
Controller and processor -
article 24-31 general abligation
- Responsibility of the controller
- Data protection by design and by default
- Joint controllers
- Representatives of controllers or processors not established in the Union
- Processor
- Processing under the authority of the controller or processor
- Records of processing activities
- Cooperation with the supervisory authority
chapter 4 section 2 (5) contoller and processor
Securtiy of personal data
article 32-34
- Security of processing
- Notification of a personal data breach to the supervisory authority
- Communication of a personal data breach to the data subject
chapter 4 section 3 (5) contoller and processor
Data protection impact assessment and prior consultation
article 35 - 36
- Data protection impact assessment para 3 (a-c)
(Datenschutz-Folgenabschätzung)
reference to article 9 (processing special categories of personal data) and 10 - Prior consultation
chapter 4 section 4 (5) contoller and processor
Data protection officer
37-39
- Designation of the data protection officer
- Position of the data protection officer
- Tasks of the data protection officer
chapter 4 section 5 (5) contoller and processor
Codes of conduct and certification
40-43
- Codes of conduct
- Monitoring of approved codes of conduct
- Certification
- Certification bodies (article 58)
chapter 5
Transfers of personal data to third countries or international organisations
article 44-50
- General principle for transfers
- Transfers on the basis of an adequacy decision
- Transfers subject to appropriate safeguards
- Binding corporate rules
- Transfers or disclosures not authorised by Union law
- Derogations for specific situations
- International cooperation for the protection of personal data
chapter 6 Independent supervisory authorities
article 51-59
section 1 (2) Independent status article 51-53
- Supervisory authority
- Independence
- General conditions for the members of the supervisory authority
- Rules on the establishment of the supervisory authority
chapter 6 Independent supervisory authorities
article 55-59
section 2 (2) Competence, tasks and powers
- Competence
- Competence of the lead supervisory authority
- Tasks
- Powers
- Activity reports