What is the purpose of a data protection audit by the supervisory authority?
To advise the controller on the mitigation of privacy risks to protect the controller from liability claims for non-compliance. Incorrect. The supervisory authority has the task to monitor compliance and to advise on enhancements, but its purpose is not to protect the controller.
To fulfill the obligation in the GDPR to implement appropriate technical and organizational measures for data protection. Incorrect. The audit is not the implementation of the measures, but an assessment of the effectiveness of them.
To monitor and enforce the application of the GDPR by assessing that processing is performed in compliance with the GDPR. Correct. According to the GDPR this is an important task of a supervisory authority. (Literature: A, Chapter 7; GDPR Article 57 (1)(a))
A person buys a product at a store located in the European Economic Area (EEA). At the time of purchase, you are asked to fill out a registration form and he informs his personal email.
As is usual in many stores, in the next few days this person will start receiving several marketing emails. He considers the frequency of these emails to be very high. Demanding his rights, he asks the store to delete all his personal data.
What is the right required by the data subject?
Article 17
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.
A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal dat
a. Which role in data protection is defined here?
Controller: Correct. The controller determines the purpose and means of the processing. (Literature: A, Chapter 1; GDPR Article 4(7))
Processor: Incorrect. The controller determines the purpose of the processing, the processor works on the controller's instructions.
Supervisory authority: Incorrect. The supervisory authority monitors and enforces compliance with the GDPR requirements.
Third party: Incorrect. A third party has no role in determining the purpose of the processing. Any party that determines the purpose would become a new controller.
What is the term used in the General Data Protection Regulation (GDPR) for the disclosure of, or unauthorized access to, personal data?
GDPR uses the term data breach.
Article 4 paragraph 12
'personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
To plan the amount of parking space needed, a local government monitors and saves the license plate number of every car that enters and leaves the city center. They have obtained permission to collect data on the number of cars present in the city center. By comparing the license plate time of entry and exit the number of cars present every moment of each day is calculated. Each month a report is created detailing the average number of cars in the city center at specific moments for every day of the week. At every entrance to the city center, a billboard clearly states what data is collected by whom, the purpose of the processing and the fact that the license plate numbers are saved securely for up to two years, because the measurements will be repeated next year. Which of the basic principles for legitimate processing of personal data is violated in this scenario?
Personal data are collected for specified, explicit and legitimate purposes and not further processed. Incorrect. The local government is entitled to collect data on the number of cars present.
Personal data are kept in a form permitting identification of data subjects for no longer than is necessary. Correct. In the given scenario, there is no need to retain the data of a specific car identifying the owner once it has left the area (Literature: A, Chapter 2; GDPR Article 5)
Personal data are processed in a manner that ensures appropriate security of the personal data. Incorrect. The scenario does not suggest inappropriate security.
Personal data are processed in a transparent manner in relation to the data subject. Incorrect. The processing is taking place transparently, since it is communicated properly to the data subjects.
Thea
6 days agoAmber
8 days agoLawrence
15 days agoNoah
20 days agoRima
23 days agoCorinne
1 months agoGlenn
1 months agoPura
1 months agoRex
2 months agoAlberto
2 months agoGerri
2 months agoXochitl
2 months agoProvidencia
2 months agoBuck
3 months agoVerlene
3 months agoGearldine
3 months agoDahlia
3 months agoSabina
4 months agoChara
5 months agoMargery
6 months agoLisandra
6 months ago