Full CIPP/E exam with Correct Answers
Terms in this set (178)
Accountability
The implementation of appropriate technical and organisational measures to ensure and be able to demonstrate that the handling of personal data is performed in accordance with relevant law, an idea codified in the EU General Data Protection Regulation and other frameworks, including APEC's Cross Border Privacy Rules. Traditionally has been a fair information practices principle, that due diligence and reasonable steps will be undertaken to ensure that personal information will be protected and handled consistently with relevant law and other fair use principles.

Accuracy
Organizations must take every reasonable step to ensure the data processed is this and, where necessary, kept up to date. Reasonable measures should be understood as implementing processes to prevent inaccuracies during the data collection process as well as during the ongoing data processing in relation to the specific use for which the data is processed. The organization must consider the type of data and the specific purposes to maintain the accuracy of personal data in relation to the purpose. Also embodies the responsibility to respond to data subject requests to correct records that contain incomplete information or misinformation.

Adequate Level of Protection
A transfer of personal data from the European Union to a third country or an international organisation may take place where the European Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question, ensures this by taking into account the following elements: (a) the rule of law, respect for human rights and fundamental freedoms, both general and sectoral legislation, data protection rules, professional rules and security measures, effective and enforceable data subject rights and effective administrative and judicial redress for the data subjects whose personal data is being transferred; (b) the existence and effective functioning of independent supervisory authorities with responsibility for ensuring and enforcing compliance with the data protection rules; (c) the international commitments the third country or international organisation concerned has entered into in relation to the protection of personal data.

Annual Reports
The requirement under the GDPR that the European Data Protection Board and each supervisory authority periodically report on their activities. The supervisory authority report should include infringements and the activities that the authority conducted under their Article 58(2) powers. The EDPB report should include guidelines, recommendations, best practices and binding decisions. Additionally, the report should include the protection of natural persons with regard to processing in the EU and, where relevant, in third countries and international organisations. Shall be made public and be transmitted to the European Parliament, to the Council and to the Commission.

Anonymous Information
In contrast to personal data, this is not related to an identified or an identifiable natural person and cannot be combined with other information to re-identify individuals. It has been rendered unidentifiable and, as such, is not protected by the GDPR.

Anti-discrimination Laws
indications of special classes of personal data. If there exists law protecting against discrimination based on a class or status, it is likely personal information relating to that class or status is subject to more stringent data protection regulation, under the GDPR or otherwise.

Appropriate Safeguards
The GDPR refers to these in a number of contexts, including the transfer of personal data to third countries outside the European Union, the processing of special categories of data, and the processing of personal data in a law enforcement context. This generally refers to the application of the general data protection principles, in particular purpose limitation, data minimisation, limited storage periods, data quality, data protection by design and by default, legal basis for processing, processing of special categories of personal data, measures to ensure data security, and the requirements in respect of onward transfers to bodies not bound by the binding corporate rules. This may also refer to the use of encryption or pseudonymization, standard data protection clauses adopted by the Commission, contractual clauses authorized by a supervisory authority, or certification schemes or codes of conduct authorized by the Commission or a supervisory authority. Should ensure compliance with data protection requirements and the rights of the data subjects appropriate to processing within the European Union.