When do you need a DPO? - ANS-If the core activity of the processor or controller
includes:
• Regular and systematic processing on a large scale
• Processing special categories of data on a large scale
• Monitoring of a large scale geographical area
• Processing by public bodies other than courts
When do controllers and processors have to keep records (Article 30)? - ANS-If they
have 250 or more employees, or the processing is likely to result in a risk to data
subjects, or processing is not occasional, or processing includes special categories
When do you not need a DPIA even if the processing you are doing involves high
risk? - ANS-For legal obligation purpose (employment) or for execution of a public task
(tax)
Which institution is eligible to approve Binding Corporate Rules? - ANS-Supervisory
Authority
What are the Privacy Shield self-certification requirements? - ANS-Commit to adhere to
the Privacy Shield Principles and publicise the commitment, publicly disclose privacy
policy, implement the principles, Renew certification annually
Why can't a US financial institution be eligible for Privacy Shield? - ANS-Because it is
not under the enforcement authority of the Federal Trade Commission
What is the current list of adequate countries and the period to review the adequacy? -
ANS-Uruguay, Argentina, Canada (commercial organisations only), US (Privacy Shield),
Andorra, Jersey & Guernsey, Isle of Man, Israel, Switzerland, New Zealand, Faeroe
Islands - 4 years
What are the legal bases to transfer data outside of EEA? - ANS-Adequacy Decisions,
Appropriate Safeguards (Binding Corporate Rules, Standard Clauses, Codes of conduct
or certification, Ad hoc contractual clauses authorised by SA, International Agreements),
Derogations (as last resort)
When does the household exemption for GDPR not apply? - ANS-If you act on behalf of
an organisation or you knowingly extend the access to data beyond a selected group of
contacts (i.e. making it public)
What is the exception for opt-in rule for B2C marketing? - ANS-If you collected the
contact details in the context of a sale transaction (including presales) and marketing is
related with first party products and opt-out is offered at the point of data collection and
opt-out is offered in every subsequent communication
What information do you need to include in CCTV notice? - ANS-Identity and contact of
controller + Purpose
What are the permitted uses of metadata according to ePrivacy? - ANS-Quality of
service requirements, billing and interconnection payments, Prevent fraud and abuse
What are the 4 considerations for monitoring? - ANS-Necessity (can you use another
method?), Proportionality (proportional to purpose), Legitimacy (Lawful basis),
Transparency (Inform the data subject)
Who monitors personal data processing of EU bodies? - ANS-European Data Protection
Supervisor
What are the powers of Supervisory Authority and examples for each power? -
ANS-Investigative (Conduct audits, obtain access to premises), Corrective (issue fines,
ban processing), Authorisation & Advisory (Approve BCRs, Accredit certification bodies)
What information should be provided to data subjects for cross-border transfers? -
ANS-Existence or absence of an adequacy decision, Intent to transfer to another
country or multinational organisation, A reference to safeguards
What are cross border transfer derogations? - ANS-Explicit consent, performance of a
contract, Public Interest, Legal claims, Transfer from a register of public information,
Legitimate Interest (only if it is one off, not systematic, limited number of data subjects
and you must inform data subject + SA)
What are the responsibilities of a Supervisory Authority? - ANS-Represent member
state in EDPB, Promote, monitor and enforce GDPR, Protect fundamental human rights,
Facilitate free flow of personal data