A secretary at a pediatric cardiology clinic, instead of sending the doctor the list of patients scheduled for the day, sends it to all the registered persons responsible for the children with scheduled appointments.
According to the GDPR, does the Supervisory Authority need to be notified? Do those responsible for the data holders also need to be notified?
The General Data Protection Regulation (GDPR) formalizes the data subject’s right to data portability.
What is the objective of data portability?
According to the GDPR, when is a data protection impact assessment (DPIA) obligatory?
One of the basic principles of the General Data Protection Regulation (GDPR) is subsidiarity.
What does subsidiarity mean in the GDPR?
The GDPR refers to the principles of proportionality and subsidiarity. What is the meaning of subsidiarity in this context?
What is considered processing of personal data under the General Data Protection Regulation (GDPR)?
A controller discovers that a data subject, who had given consent for the processing of his data, has passed away. What does this imply for data processing according to the General Data Protection Regulation (GDPR)?
In the GDPR, some types of personal data are regarded as special category personal data. Which personal data are considered special category personal data?
Who is responsible for demonstrating the compliance of personal data processing with the General Data Protection Regulation (GDPR)?
Racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as the processing of genetic data, biometric data, health data or data relating to a person’s sexual life or sexual orientation.
What does the sentence above refer to?
Data protection and privacy are closely related terms. Which of these options best represents this relationship?
How should data protection between the processor and controller be regulated in accordance with the General Data Protection Regulation (GDPR)?
A company CEO travels to a meeting in another city. He takes a notebook with information about the company’s new projects and acquisitions, which will be the subject of discussion at this meeting. These are the only data stored on the notebook.
The notebook accidentally falls into the hotel’s pool and all data is lost.
What happened, considering the General Data Protection Regulation (GDPR)?
After appearing in a photo posted by a friend on a social network, a person felt embarrassed and decided that he wanted the photo to be deleted.
According to the General Data Protection Regulation (GDPR), does that person have the right to delete this photo?
A company located in France wishes to enter into a compulsory contract with a processor located in Portugal. This contract aims to process sensitive French personal data. The Portuguese Supervisory Authority is informed about this contract and the type of processing.
How should the Portuguese Supervisory Authority proceed, in accordance with the General Data Protection Regulation (GDPR)?
A person buys a product at a store located in the European Economic Area (EEA). At the time of purchase, he is asked to fill out a registration form and provides his personal email address.
As is usual in many stores, in the next few days this person starts receiving several marketing emails. He considers the frequency of these emails to be very high. Asserting his rights, he asks the store to delete all his personal data.
What must the store do according to the General Data Protection Regulation (GDPR)?
A controller can contract out the processing of personal data to another company, provided a written contract between these partners is in place.
Which clause in this contract is a responsibility of the controller?
The Supervisory Authority is notified whenever an organization intends to process personal data, except for some specific situations. The Supervisory Authority keeps a publicly accessible register of these data processing operations.
What else is a legal obligation of the Supervisory Authority in reaction to such a notification?
Important technical requirements set out in the General Data Protection Regulation (GDPR) are about data quality. One is the obligation to ensure appropriate security, including protection against unauthorized or unlawful processing.
What is another important technical requirement?
A person finds that a private videotape showing her in a very intimate situation has been published on a website. She never consented to publication and demands that the video be removed without undue delay.
According to the GDPR, what should be done next?
When is a Data Protection Impact Assessment (DPIA) under the General Data Protection Regulation (GDPR) mandatory?
In what way are online activities of people most effectively used by modern marketers?
Subcontracted processing is regulated by a contract or other regulatory act under Union or Member State law, which binds the processor to the controller.
What does this contract or other regulatory act stipulate?
While paying with a credit card, the card is skimmed (i.e. the data on the magnetic strip is stolen). The magnetic strip contains the account number, expiration date, cardholder’s name and address, PIN number and more.
What kind of a data breach is this?
The General Data Protection Regulation (GDPR) is often known as the “European privacy law”. What is the relationship between ‘privacy’ and ‘data protection’?
What is the main difference between Directive 95/46/EC and the General Data Protection Regulation (GDPR)?
Some data processing falls outside of the material scope of the GDPR. What type of processing is not subject to the GDPR?
While performing a backup, a data server disk crashed. Both the data and the backup are lost. The disk contained personal data, but no special category personal data. The processor states that this is a personal data breach. Is the statement of the processor true?
Regarding the Supervisory Authority’s “Investigative Powers”, it is correct to state:
One of the objectives of a data protection impact assessment (DPIA) is to strengthen the confidence of customers or citizens in the way personal data is processed and privacy is respected. How can a DPIA strengthen the confidence?
Which of the alternatives describes one of the Supervisory Authority’s responsibilities?
The General Data Protection Regulation (GDPR) is related to the protection of personal data. What is the definition of personal data?
In the European Union there are Directives and Regulations. What is the difference between them?