Article 29 Working Party - Responsibilities - ANS-1. Draft evaluations
2. Outputs
-- Opinions
-- Working files
-- Annual reviews
3. Spot divergences
4. Issue guidelines
5. Annual reviews
BCR - Cons - ANS-1. Not self-certification but
2. Lack of DPAs' resources
3. Top management buy-in required
BCR - Pros - ANS-1. Legal certainty
2. Flexibility
3. Reduced scrutiny
4. Framework for global compliance application
BCR Requirements - ANS-1. Must apply generally throughout the corporate group;
2. System that guarantees awareness and implementation of the BCRs;
3. Provide for self-audits;
4. Set up a system through which individuals' complaints are handled by a clearly identified
consultant or department;
5. Contain clear duties of cooperation with DPAs.
6. Contain provisions on liability and jurisdiction aimed at facilitating their practical exercise.
7. Corporate group must accept that individuals will be entitled to take action against the
group as well as to choose the jurisdiction.
8. Individuals must be made aware that personal data is being communicated to
other members of the corporate group outside the EU.
Confidentiality and Security -- Practice - ANS-In practice:
1. Layered policy framework;
2. Human factors;
3. Physical environment;
4. Information technology & communications; and
5. Data processors
Confidentiality and Security -- Theory - ANS-In theory, controllers must implement appropriate
technical and organizational measures to protect personal data.
Controllers are required to perform a risk assessment when making decisions about
controls. The risk assessment must consider the nature of the data that is to be processed,
the risk vectors that threaten the data, and the harm that may result from a security breach.
Consent - ANS-Freely given (i.e., they must have a real choice);
Specific (i.e., given specifically for the particular processing operation in question); and
Informed (i.e., data subject is given all of the necessary information about the processing activity in
a language and form he can understand)
Controller - ANS-Natural or legal person, public authority, agency, or any other
body that alone or jointly with others determines the purposes and means of the processing of
personal data.
Convention 108 v. OECD Guidelines - ANS-Convention 108 differs from the Guidelines in that it
required signatories to take the necessary steps in their domestic legislation to apply the principles it lays
down.
Council of Europe Convention for the Protection of Individuals with regard to Automatic
Processing of Personal Data - ANS-Also referred to as Convention 108. Was the first legally
binding international instrument in the area of data protection. Convention 108 sets the
standard for the protection of the personal data of individuals while also seeking to
find a balance for the need to maintain the free flow of personal data for the purposes of
international trade.
Council of the EU - ANS-The main decision-making body of the EU, having a central role in
both political and legislative decisions. The Council's meetings are attended by one
minister from each member state, where ministers have the power to commit their
government.
Court of Justice of the European Union - ANS-The judicial body of the EU that makes decisions
on issues of EU law and enforces European decisions either in respect of actions
taken by the European Commission against a member state or action taken by
an individual to enforce his rights under EU law.
Data Protection Directive - Article 4(1)(a) - ANS-The law of a member state applies when
the data processing is carried out in the context of the activities of an establishment of
the controller on the territory of the member state.
Where the controller has establishments in multiple member states, it must comply with every
national law with respect to its data processing operations.