GDPR Flashcards

1
Q

Explain the six principles that Article 5 of the GDPR sets out concerning any collection or processing of personal data.

A

Personal data shall be…

  1. processed lawfully, fairly and in a transparent manner
  2. collected for specified, explicit and legitimate purposes
  3. data minimisation - only collect relevant and necessary data
  4. accurate and kept up to date; if incorrect, must be erased or corrected immediately
  5. storage limitation - data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
  6. securely processed and stored (protection against data leaks, accidental damage, etc.)
2
Q

Which organisations need to comply with the GDPR?

A
  • applies to controllers and processors handling personal data of EU citizens
  • applies to ALL organisations collecting and processing EU data, regardless of the company’s physical location
3
Q

Whose information does the GDPR aim to protect?

A

citizens in the EU (+UK)

4
Q

Name 2 other UK Acts of Parliament, currently in force, that affect data protection (besides DPA)

A
  • IPA: Investigatory Powers Act 2016
  • UK Data Protection Bill 2017
5
Q

UK Data Protection Act vs. GDPR

A

Reach

  • DPA - UK only
  • GDPR - EU wide

Penalties

  • DPA - fines of up to £500,000 or 1% of annual turnover
  • GDPR – fines of up to €20 million or 4% of the business's annual global turnover

Data Breaches

  • DPA – Businesses are under no obligation to report data breaches though they are encouraged to do so
  • GDPR – Any data breach must be reported to the Supervisory Authority within 72 hours of the incident

Data removal / Right to erasure

  • DPA – no requirement
  • GDPR – An individual will have the ‘Right to erasure’ – which includes all data including web records with all information being permanently deleted

Data Protection Officers

  • DPA – no need for a dedicated DPO
  • GDPR – A DPO should be appointed if you are:
    • A public authority or body
    • Carry out large scale systematic monitoring of individuals
    • Perform large scale processing of special categories of data

Privacy by design

  • DPA – Privacy Impact Assessments (PIAs) are not a legal requirement
  • GDPR – PIAs will be mandatory and must be carried out when there is a high risk to the freedoms of the individual.

Commencement

  • DPA - 1998
  • GDPR - 2018
6
Q

controller vs. processor

A

Controller – entity who determines the purposes and means of the processing of personal data

Processor – entity who processes personal data on behalf of the controller
