General ¡Data ¡Protection ¡Regulation Nataliia ¡Bielova ¡ @nataliabielova Security ¡and ¡ethical ¡aspects ¡of ¡data Université Cote ¡d'Azur
be for “specified, explicit and legitimate purposes” – • • D • to protect a person’s GDPR is “a breach of • • ly otherwise processed.” � If likely t “Right not to be subject to a GENERAL ¡DATA ¡PROTECTION ¡ including profiling.” REGULATION 2
TERRITOR TORIAL L SCOPE THE THE PLA PLAYERS PERSONAL ONAL DATA SENSI SITI TIVE DATA Data Da Reli ligious us or Subjects ts Trade Union Tr Philo loso sophi hica cal l Se Sex Member bersh ship Beli liefs Life Li Data Contro trollers Political al Opi Opinions Data Da Identi tifi fied Identi tifi fiable Healt lth 3 Processors Proc Racial al or Genetic c Bi Biometric c Ethnic Origi gin Da Data Data Da Supe pervisory y EU Establishme hments ts Au Authorities Non - EU Establishe Non hed d Organizati tions RESPONSI ONSIBILI LITIES IES OF DATA CONTR TROLLE OLLERS S AND PROCESS SSORS Offer goods or services or engaging in built in starting at monitoring within the EU. Da Data the beginning of the Data Prote tecti tion Securi urity ty Prote otecti tion on by design process Officer (DPO) PO) LAWFUL L PROCESS SSING NG Record d of Data Design De Designate DPO if core Processing Activiti ties Data Impa pact t Collection and processing of personal data must activity involves regular Maintain a documented As Assessment nt be for “specified, explicit and legitimate purposes” monitoring or processing register of all activities – with consent of data subject or necessary for large quantities of For high risk involving processing of EU CONSENT SENT personal data.. • performance of a contract situations personal data. • compliance with a legal DATA BREACH H NOTIFICATI TION ON obligation • to protect a person’s GDPR A personal data breach is “a breach of vital interests • task in the public security leading to the accidental or unlawful destruction, loss, alteration, interest • legitimate interests unauthorized disclosure of, or access Consent must be freely to, personal data transmitted, stored or given, specific, otherwise processed.” RIGHTS S OF DATA SUBJECTS TS informed, and If likely to result in a high privacy risk � notify data subjects unambiguous. Notify supervisory authorities no later Automated ated “Right not to be subject to a than 72 hours after discovery. De Decision-Maki king decision based solely on ENFOR ORCEMENT NT automated processing, INTERNATI TIONAL ONAL DATA TRANS NSFER including profiling.” Transparency Tra Adequate quate Level of Fin Fines Data Prote tecti tion Up to 20 million euros or 4% of total annual worldwide Right t to Ac Access and nd turnover. Less serious violations: Up to 10 million Erasure ure euros or 2% of total annual worldwide turnover. Rectifi ficatio ation Purpo rpose Effecti tive ve Judi dicial l Remedi dies : Bindi ding Specifi ficatio ation and compensation for material and Right t to Data Corpo rporate rate non - material harm. Minimizatio ation Porta tability ty Ru Rules Model Mo Privacy y (BCRs) (B Contra tractu tual Sh Shield Claus uses w w w . t e a c h p r i v a w w w . v a c y . c o m 2019 Workfo kforce awareness training by Prof. f. Daniel J. Solove Pleas lease ask permission to reus use or distri ribut bute
TERRITOR TORIAL L SCOPE THE THE PLA PLAYERS PERSONAL ONAL DATA SENSI SITI TIVE DATA Data Da Reli ligious us or Subjects ts Trade Union Tr Philo loso sophi hica cal l Se Sex Member bersh ship Beli liefs Life Li Data Contro trollers Political al Opi Opinions Data Da Identi tifi fied Identi tifi fiable Healt lth 4 Processors Proc Racial al or Genetic c Bi Biometric c Ethnic Origi gin Da Data Data Da Supe pervisory y EU Establishme hments ts Au Authorities Non - EU Establishe Non hed d Organizati tions RESPONSI ONSIBILI LITIES IES OF DATA CONTR TROLLE OLLERS S AND PROCESS SSORS Offer goods or services or engaging in built in starting at monitoring within the EU. Da Data the beginning of the Data Prote tecti tion Securi urity ty Prote otecti tion on by design process Officer (DPO) PO) LAWFUL L PROCESS SSING NG Record d of Data Design De Designate DPO if core Processing Activiti ties Data Impa pact t Collection and processing of personal data must activity involves regular Maintain a documented As Assessment nt be for “specified, explicit and legitimate purposes” monitoring or processing register of all activities – with consent of data subject or necessary for large quantities of For high risk involving processing of EU CONSENT SENT personal data.. • performance of a contract situations personal data. • compliance with a legal DATA BREACH H NOTIFICATI TION ON obligation • to protect a person’s GDPR A personal data breach is “a breach of vital interests • task in the public security leading to the accidental or unlawful destruction, loss, alteration, interest • legitimate interests unauthorized disclosure of, or access Consent must be freely to, personal data transmitted, stored or given, specific, otherwise processed.” RIGHTS S OF DATA SUBJECTS TS informed, and If likely to result in a high privacy risk � notify data subjects unambiguous. Notify supervisory authorities no later Automated ated “Right not to be subject to a than 72 hours after discovery. De Decision-Maki king decision based solely on ENFOR ORCEMENT NT automated processing, INTERNATI TIONAL ONAL DATA TRANS NSFER including profiling.” Transparency Tra Adequate quate Level of Fin Fines Data Prote tecti tion Up to 20 million euros or 4% of total annual worldwide Right t to Ac Access and nd turnover. Less serious violations: Up to 10 million Erasure ure euros or 2% of total annual worldwide turnover. Rectifi ficatio ation Purpo rpose Effecti tive ve Judi dicial l Remedi dies : Bindi ding Specifi ficatio ation and compensation for material and Right t to Data Corpo rporate rate non - material harm. Minimizatio ation Porta tability ty Ru Rules Model Mo Privacy y (BCRs) (B Contra tractu tual Sh Shield Claus uses w w w . t e a c h p r i v a w w w . v a c y . c o m 2019 Workfo kforce awareness training by Prof. f. Daniel J. Solove Pleas lease ask permission to reus use or distri ribut bute
be for “specified, explicit and legitimate purposes” – • • D • to protect a person’s GDPR is “a breach of • • ly otherwise processed.” � If likely t “Right not to be subject to a PERSONAL ¡DATA including profiling.” 5 Slides ¡of ¡Cristiana ¡Santos
‘ personal data ’ means any information relating to an identified or identifiable natural person (‘ data subject ’); an identifiable natural person is one who can be identified , directly or indirectly , in particular by reference to an identifier such as a name , an identification number , location data , an online identifier or to one or more factors specific to the physical , physiological , genetic , mental , economic , cultural or social identity of that natural person ; https :// gdpr - info . eu / art -4- gdpr / 6
7 Slides ¡of ¡Cristiana ¡Santos
1. ¡Any ¡information ¡ can ¡be ¡personal ¡data • Any ¡information ¡can ¡fall ¡under ¡personal ¡data ¡ regardless of ¡its ¡ nature, ¡content, ¡or ¡format: • Nature: true or inaccurate, objective and subjective (including opinions and assessments) [Nowak, 2017] • Content : not strict to private or family life, and could concern an individual´s professional life, and other capacities • Format : alphabetical , numerical, graphical, photographical or acoustic, kept on paper or stored in a computer memory as a binary code, structured or unstructured, video and voice recording , as well as a child’s drawing that could contain personal data of both the child and the parents 8 Slides ¡of ¡Cristiana ¡Santos
Recommend
More recommend
