CIPP/E - Data Protection Concepts - Chapter 4 correctly answered graded A+ 2023/2024

CIPP/E - Data Protection Concepts - Chapter 4 Personal data means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified directly or indirectly, in particular be reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. - correct answers What is the GDPR definition of 'Personal Data' The four building blocks are: 1) 'Any information' 2) 'relating to' 3) 'an identified or identifiable' 4) 'natural person' - correct answers What are the four 'building blocks' that comprise the meaning of personal data? No, Information does not have to be true to be considered personal data. - correct answers Does information have to be true to be considered personal data? Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specifc data subject without the use of additional information, provided that individual information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. - correct answers What is Pseudonymisation? Sensitive Personal Data is personal data that, fall into special categories, and could reveal racial or ethnic origin, political opinion, religious or philosophical beliefs,or trade union membership and the the processing of genetic data, biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. - correct answers What is Sensitive Personal Data? Controller, is defined in the Regulation, as: The natural or legal person, public authority, agency or other body, alone or jointly with others, determines the purpose and means of processing personal data. - correct answers What is the GDPR definition of 'Controller'? This is the explicit appointment of a controller under national or community law. More typically, the law establishes a task or imposes a duty on someone to collect data. - correct answers What is Control stemming from explicit legal competence? This is control that stems from common legal provisions or established legal practivce (e.g. an employer with employee data). The capacity to determine processing activities can be considered naturally attached to the functional role of the organisation. - correct answers What is Control stemming from implicit competence? The responsilbilty as controller is attributed on the basis of an assessment of the factual circumstances. Where the matter is not clear, an assessment should consider the degree of actual control exercised by a party, the impression given to individuals, and the reasonable expectations of individuals on the basis of this visibility. - correct answers What is Control stemming from factual influence? This is, the why and the how of the processing activity. This is the Controllers responsibility. - correct answers What is the purpose and means of processing? The GDPR defines processor as a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. - correct answers What is the GDPR definition of processor? The Regulation requires that the processor processes personal data only on the controller's instructions and that a contract or bind legal document act regulating the relations between the controller and the processor be put into writing. - correct answers What are the requirement for the Controller and Processor relationship? The contract must expressly set out the nature and purpose of ant data processing, the type of personal data and the the categories of data subjects. - correct answers What must the Controller - Processor contract state?