Data Protection Principles PDF
Document Details
Uploaded by HeartfeltAgate1395
Summary
This document contains questions and answers on Data Protection Principles, including key messages of GDPR (General Data Protection Regulation) and rights of data subjects. It covers topics such as purpose limitation, data minimization, and accuracy of data. The document is likely intended for an undergraduate course on data protection law.
Full Transcript
Essay – Data Protection Principles (5 points each, max 20 points)
Identification – 12 key messages of GDPR (1 point each, max 15 points)
Enumeration – Rights of data subjects (1 point each, max 15 points)

Essay – Data Protection Principles (5 points each, max 20 points)

(LFT) Lawfulness, fairness, and transparency - tells us that the processing of personal data must be conducted in a lawful, fair, and transparent way.
(PL) Purpose limitation - tells us that you should only process personal data for the purpose that you originally intended. You should not reuse personal data for other purposes.
(DM) Data minimisation - tells us that we should not gather more personal data than we need to deliver the service. Only gather the exact amount of data that is needed.
(A) Accuracy - have the most accurate data possible.
(SL) Storage Limitations - should not store personal data which is no longer needed.
(IC) Integrity and Confidentiality - making sure that the personal data is correct and cannot be manipulated by others.
(A) Accountability - taking responsibility for your data processing.

Identification – 12 key messages of GDPR (1 point each, max 15 points)

1. Material scope of the GDPR (Article 2) - applies to the processing of personal data.
2. Territorial scope of the GDPR (Article 3) - applies to data controllers and data processors with an establishment in the EU.
3. Fundamental principles relating to processing (Article 5)
4. Lawfulness of processing (Article 6) - the data subject has provided consent; necessary for the performance of a contract; necessary for compliance with a legal obligation to which the controller is subject.
5. Consent (Articles 4, 7, and 8) - must be freely given, specific, informed and an unambiguous indication of the data subject's wishes.
6. Individual Rights (Articles 12-23) - The right to information requires data controllers to give individuals certain information about the processing of their personal data free of charge. The right to be forgotten, also referred to as the right to erasure as it includes both the right to have the data erased a
7. Right to restriction of processing (Articles 12-23) - allowing the data controller to verify the accuracy of the personal data that is contested by the data subject.
8. Right to data portability (Articles 12-23) - right of an individual to receive personal data that he/she has provided to the data controller in a structured
9. Accountability obligations of data controllers (Articles 5, 25, 30, 35-43) - to ensure compliance with the GDPR and be able to demonstrate such compliance.
10. Obligations of data processors (Article 28) - introduces new requirements which apply directly to data processors, giving them as such a separate legal status.
11. Data breach notifications (Articles 33-34) - data breach notifications to the Data Protection Authority (DPA) are mandatory.
12. International Transfers (Articles 44-49) - personal data may be transferred outside the EU to third countries or international organizations that provide an "adequate level of data protection".
13. Supervision Cooperations, Remedies (Articles 50 and 83) - significantly toughens the approach to and the level of administrative fines foreseen in the EU and harmonizes it.
14. European Data Protection Board (EDPB) (article 6415651 66 and 68) - consistent application of the GDPR throughout the Union.
15. One stop shop - provides new methods of co-operation and consistency.

Enumeration – Rights of data subjects (1 point each, max 15 points)

1. Right to be informed - to know what personal data is collected about them.
2. Right of access - right to submit subject access requests.
3. Right to rectification - to ask the organization to update any accurate or incomplete
4. Right to be forgotten - allows individuals to ask for their personal data to be deleted.
5. Right to restrict processing - organization limits the way it uses their personal data.
6. Right to data portability - allows individuals to obtain their own personal data.
7. Right to object to processing - object to the processing of personal data at any time.
8. Rights in relation to automated decision making and profiling - done without human involvement.
9. Violation of data subject rights - provokes the rights penalties under the GDPR.