LECTURE 4 - privacy regulations Flashcards Preview

Law & Ethics > LECTURE 4 - privacy regulations > Flashcards

Flashcards in LECTURE 4 - privacy regulations Deck (13)
Loading flashcards...
1

Data privacy and processing regulations (definition)

Regulations that govern the collection and processing of sensitive data, especially in cases where natural person can be identified based on such data

2

When does GDPR apply? (4)

- GDPR applies in accordance with territorial scope
- GDPR applies to personal data
- GDPR applies to the relationships between data subject, data controller, data processor and recipient
- GDPR applies to data processing

3

Identifiable data meaning

information related to an identifiable person, data that can identify an individual

4

Data subject

natural person whose data is processed

5

Controller

Someone who determines the purposes and means of data processing

6

Processor

Someone who processes the data

7

Recipient

To whom the personal data is disclosed (shown)

8

Examples of data processing

collection
recording
organization
structuring
use
making available
retrieval
alignment or combination
erasure
destruction

9

GDPR bases regulation of data processing on 5 main pillars:

- Controller, data processor and recipient should comply with the principles of processing

- There should be a justification for processing

- Some data requires special justification

- Data subject has rights within data processing

- Controller, data processor and recipient are liable for keeping data secure

10

Principles of processing (6)

- Lawfulness, fairness and transparency

- Purpose limitation

- Data minimization

- Accuracy

- Storage limitation

- Integrity and confidentiality

11

Justification for processing (4)

- Consent of data subject

- Performance of a contract to which the data subject is party

- Public purposes (compliance with legal obligation, protection of vital interest, etc.)

- Legitimate interest (education, research, limited use, not sensitive)

12

Special justification processing is allowed when: (3)
Written in article?

- Subject has given explicit consent

- Necessary to carry out the obligations of the controller

- Necessary to protect the vital interest of the data subject or other person

- Written in article 9 GDPR

13

Data subject rights (5)

- Ratification of inaccurate data

- Erasure of data

- Restrict data processing

- Receive the data processed

- Object processing