Data Protection short answers

Questions and Answers

What is the main purpose of the GDPR 2018?

The main purpose of the GDPR 2018 is to give individuals greater control over their personal data and to set clearly defined rights for data subjects.

Who is defined as a data subject under the GDPR?

A data subject is an individual whose personal data is being stored or processed.

What responsibilities do data controllers have according to the GDPR?

Data controllers must use data only for its intended purpose, keep it secure, ensure it is accurate and up to date, and respond to data subject requests within 30 days.

What constitutes personal data under GDPR?

Personal data includes any information that can identify an individual, such as a name, ID number, location data, or online browsing history.

What is the role of a data processor in relation to a data controller?

A data processor is someone who has been granted access to the data by the data controller and can process the information but cannot control its use or function.

Why must data controllers retain information for a limited time?

Data controllers must retain information only for the necessary specified purpose to comply with GDPR and to protect personal data from being held unnecessarily.

What action must data controllers take if a data subject requests their stored data?

Data controllers must supply a copy of the stored data to the data subject within 30 days of receiving a written request.

What right do data subjects have under GDPR concerning their personal data usage?

Data subjects have the right to question the use of their data, obtaining details about how it is used by an organization.

How quickly must an organization provide a copy of personal data when requested by a data subject?

An organization must provide a copy of personal data within 30 days of the request.

What action can a data subject take if they find personal data about them to be incorrect?

A data subject can request to rectify any untrue, incorrect, or incomplete personal data held about them.

Under what circumstances can a data subject request the deletion of their data?

A data subject can request deletion if the reason for keeping the data has finished.

What does the right to data portability allow a data subject to do?

It allows a data subject to request their data from an organization in a format that is easily usable and transferable.

What is the role of the Data Protection Commission (DPC) in relation to GDPR?

The DPC is responsible for upholding the rights of EU citizens concerning the protection of personal data.

What types of activities does the DPC engage in to promote compliance with GDPR?

The DPC conducts inquiries, issues guidance, and runs media campaigns to raise awareness of data subjects' rights.

What consequence can organizations face for breaching the General Data Protection Regulation?

Organizations can face fines for breaches of the General Data Protection Regulation.

Study Notes

General Data Protection Regulation (GDPR) 2018

• EU regulation implemented in May 2018, replacing Data Protection Acts 1988-2003.
• Empowers individuals by providing clear rights over personal data.
• Organisations must ensure accuracy and currency of any stored personal information.

Key Definitions

• Personal Data: Information identifying individuals including names, ID numbers, locations, online activity, and all aspects of identity.
• Data Subject: The individual whose personal data is collected and held.
• Data Controller: Responsible for data management, grants access to others.
• Data Processor: Receives access from the data controller to process data, lacks control over its use.

Data Controller Responsibilities

• Use data strictly for its intended purpose (e.g., no marketing use of contact emails).
• Grant access only to necessary data processors pertaining to the intended purpose.
• Ensure data security with measures like password protection.
• Fairly obtain and process data.
• Maintain accuracy, completeness, and timeliness of data.
• Respond to data subject requests within 30 days; can request clarification for large data sets.
• Retain data only as long as necessary for its purpose, eliminating data that is no longer needed.

Data Subject Rights

• Right to inquire about the usage of their data.
• Right to obtain copies of personal data within 30 days of requesting.
• Right to correct any inaccurate or incomplete data.
• Right to request deletion of personal data that is no longer necessary.
• Right to request data portability in a user-friendly format.

Data Protection Commission (DPC)

• Independent authority ensuring protection of EU citizens' personal data.
• Serves as the Irish supervisory authority for GDPR compliance.
• Investigates complaints regarding data treatment violations.
• Issues fines for breaches of GDPR.
• Conducts inquiries into data protection infringements.
• Promotes awareness of data rights via campaigns and guidance materials.
• Engages with sectors to enhance understanding and compliance with GDPR.

Description

Test your knowledge on the General Data Protection Regulation (GDPR) that came into effect in May 2018. This quiz covers key aspects such as data subjects' rights, responsibilities of data controllers, and the transition from previous data protection laws. Take on the challenge and see how well you understand this crucial EU regulation.