Data Protection true or false

Questions and Answers

GDPR 2018 was introduced to give individuals less control over their personal data.

False

A data processor is someone who controls how data is used.

False

Under GDPR, data controllers must obtain and process data fairly.

True

The GDPR allows for personal data to be stored indefinitely without any specific purpose.

False

GDPR applies only to data stored electronically and not to physical files.

False

Data controllers are responsible for keeping data secure, such as using password protection.

True

Data subjects can request a copy of their stored data, and the data controller must respond within 60 days.

False

Data subjects have the right to question the use of their data under the General Data Protection Regulation 2018.

True

A data subject can request a copy of their personal data held by an organization within 14 days.

False

The Data Protection Commission is responsible for investigating complaints related to personal data treatment.

True

Individuals have the right to request deletion of their personal data when the need for its retention has ended.

True

Data protection fines are issued by the General Data Protection Regulation itself.

False

Data subjects have the right to rectify any incorrect or incomplete personal data held about them.

True

The General Data Protection Regulation allows for data portability without any specific format requirements.

False

The Data Protection Commission promotes awareness of data subjects' rights through media campaigns.

True

Study Notes

General Data Protection Regulation (GDPR) 2018

• EU regulation implemented in May 2018, replacing Data Protection Acts 1988-2003.
• Empowers individuals by providing clear rights over personal data.
• Organisations must ensure accuracy and currency of any stored personal information.

Key Definitions

• Personal Data: Information identifying individuals including names, ID numbers, locations, online activity, and all aspects of identity.
• Data Subject: The individual whose personal data is collected and held.
• Data Controller: Responsible for data management, grants access to others.
• Data Processor: Receives access from the data controller to process data, lacks control over its use.

Data Controller Responsibilities

• Use data strictly for its intended purpose (e.g., no marketing use of contact emails).
• Grant access only to necessary data processors pertaining to the intended purpose.
• Ensure data security with measures like password protection.
• Fairly obtain and process data.
• Maintain accuracy, completeness, and timeliness of data.
• Respond to data subject requests within 30 days; can request clarification for large data sets.
• Retain data only as long as necessary for its purpose, eliminating data that is no longer needed.

Data Subject Rights

• Right to inquire about the usage of their data.
• Right to obtain copies of personal data within 30 days of requesting.
• Right to correct any inaccurate or incomplete data.
• Right to request deletion of personal data that is no longer necessary.
• Right to request data portability in a user-friendly format.

Data Protection Commission (DPC)

• Independent authority ensuring protection of EU citizens' personal data.
• Serves as the Irish supervisory authority for GDPR compliance.
• Investigates complaints regarding data treatment violations.
• Issues fines for breaches of GDPR.
• Conducts inquiries into data protection infringements.
• Promotes awareness of data rights via campaigns and guidance materials.
• Engages with sectors to enhance understanding and compliance with GDPR.

Description

Test your knowledge on the General Data Protection Regulation (GDPR), implemented in 2018. This quiz will cover key concepts, definitions, and the implications of GDPR on personal data and individual rights. Understand how GDPR impacts organizations and data subjects.