GDPR EXTRACT

Question 1

Q: What is the main goal of the GDPR?

Answer 1

A: To protect people’s personal data and privacy in the EU.

Example: A company must tell you how they use your email.

Question 2

Q: What is personal data?

Answer 2

A: Any information that can identify a person.

Example: Name, phone number, address, email, IP address.

Question 3

Q: What does processing mean?

Answer 3

A: Doing anything with personal data — like collecting, saving, changing, or deleting it.

Example: Signing up for a website = your data is being processed.

Question 4

Q: Who is the data subject?

Answer 4

A: The person whose data it is.

Example: You, when you give your info to a shop.

Question 5

Q: Who is the controller?

Answer 5

A: The person or company who decides why and how your data is used.

Example: An online store collecting your info.

Question 6

Q: Who is the processor?

Answer 6

A: Someone who works with data on behalf of the controller.

Example: A company hired to store customer info for a website.

Question 7

Q: What are the 7 GDPR principles?

Answer 7

1. Lawfulness, fairness, transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity & confidentiality
7. Accountability

Example: A business must only collect the data it really needs.

Question 8

Q: When is processing data allowed? (Legal basis)

Answer 8

One of these must apply:

Consent

Contract

Legal duty

Protect someone’s life

Public interest

Legitimate interest (only if it doesn’t hurt the person’s rights)

Example: A bank can process your data for your account contract.

Question 9

Q: What is consent under the GDPR?

Answer 9

A: It must be:

Freely given

Clear

Informed

Easy to take back

Example: You must click a box to agree — no pre-ticked boxes!

Question 10

Q: What is sensitive personal data?

Answer 10

A: Personal data about:

Race

Religion

Politics

Health

Sexual orientation

Biometric or genetic info

Example: Fingerprints or medical records = special protection.

Question 11

Q: Can companies use sensitive data?

Answer 11

Usually no — unless:

You gave clear consent

It’s needed for health, law, or public safety

Example: A hospital can use your health data for treatment.

Question 12

Q: What age can children give consent online?

Answer 12

A: At least 16 years old (or 13–15 depending on the country)

Example: A 12-year-old needs a parent’s permission to sign up.

Question 13

Q: What is a data breach?

Answer 13

A: When data is lost, stolen, or leaked by accident or attack.

Example: A hacker stealing customer emails.

Question 14

Q: What is pseudonymisation?

Answer 14

Replacing names with fake IDs so the data cannot be linked to a person without extra info.

Example: “User #458” instead of “John Smith”.

Question 15

Q: Who makes sure companies follow GDPR?

Answer 15

The supervisory authority (e.g., the Data Protection Authority in your country).

Example: In Belgium, it’s the GBA (Gegevensbeschermingsautoriteit).