Heading Restriction under Article 18 Rectification under Article 16 Erasure / "right to be forgotten" under Article 17 All of the above
Heading Employee data can only be processed if there is an approval from the data protection officer. Consent may not be valid if the employee feels compelled to provide it. An employer might have difficulty obtaining consent from every employee Data protection laws do not apply to processing of employee data.
Heading Intellectual Privacy Information Privacy Bodily Privacy Territorial Privacy
Heading Processing is carried out by an organization employing 250 persons or more. Processing is carried out for the purpose of providing for-profit goods or services to individuals in the EU. The core activities of the controller or processor consist of processing operations of financial information or information relating to children. The core activities of the controller or processor consist of processing operations that require systematic monitoring of data subjects on a large scale.
Heading The group of undertakings must obtain approval from a supervisory authority. The group of undertakings must be comprised of organizations of similar sizes and functions. The data protection officer must be located in the country where the data controller has its main establishment. The data protection officer must be easily accessible from each establishment where the undertakings are located.
Heading A vehicle licensing agency selling owner names and contact details to the private sector in exchange for money A company director credit checking agency republishing the contents of a Mandatory Public Register of directors which is already in the public domain publishing the names and addresses of directors on the internet A registered and regulated charity receiving information from any public sector body as part of a lawful Data Sharing Agreement None of the above
Heading Co-Regulatory Comprehensive Self-Regulatory Sectorial
Heading Data subject rights Data access disputes Cross-border processing Special categories of data
Heading Controllers must make best efforts to verify the consent. Controllers must make reasonable efforts to verify the consent. Controllers must make best efforts to request the consent in clear and plain language, in the context of the age of the child. Controllers must make reasonable efforts to request the consent in clear and plain language, in the context of the age of the child.
Heading A prior opt-in consent for consumers unless they are already customers. A pre-checked box stating that the consumer agrees to receive email marketing. A notice that the consumers email address will be used for marketing purposes. No prior permission required, but an opt-out requirement on all emails sent to consumers.
Heading Both govern international transfers of personal data. Both only apply to European Union countries. Both only apply to European Union countries. Both require notification of processing activities to a supervisory authority.
Heading The controller will be liable to pay an administrative fine. The processor will be liable to pay compensation to affected data subjects. The processor will be considered to be a controller in respect of the processing concerned. The controller will be required to demonstrate that the unauthorized processing negatively affected one or more of the parties involved.
Heading A member of the judiciary involved in adjudicating a legal dispute involving the data subject and concerning the health of the data subject. A public authority responsible for public health, where the sharing of such information is considered necessary for the protection of the general populace. A health professional involved in the medical care for the data subject, where the data subject's life hinges on the timely dissemination of such information. A journalist writing an article relating to the medical condition in question, who believes that the publication of such information is in the public interest.
Heading To encourage the consistency of local data processing activity. To give corporations a choice about who their supervisory authority will be. To ensure the GDPR covers controllers that do not have an establishment in the EU but have a representative in a member state. To ensure that the interests of individuals residing outside the lead authority's jurisdiction are represented.
Heading The European Commission can adopt an adequacy decision for individual companies. The European Commission can adopt, repeal or amend an existing adequacy decision. EU member states are vested with the power to accept or reject a European Commission adequacy decision. To be considered as adequate, third countries must implement the EU General Data Protection Regulation into their national legislation.
Heading The default age at which a child can give consent. The usefulness of the Principle of fairness, lawfulness and transparency. The right to erasure. All of the above.
Heading Any act involving the collecting and recording of personal data. Any operation or set of operations performed on personal data or on sets of personal data. Any use or disclosure of personal data compatible with the purpose for which the data was collected. Any operation or set of operations performed by automated means on personal data or on sets of personal data.
Heading The data subject already has information regarding how his data will be used. The provision of such information to the data subject would be too problematic. Third-party data would be disclosed by providing such information to the data subject. The processing of the data subject's data is protected by appropriate technical measures.
Heading The ePrivacy Directive. The E-Commerce Directive. The Data Retention Directive. The EU Cybersecurity Directive.
Heading Background checks on employees could be performed only under prior notice to all employees. Background checks are only authorized with prior notice and express consent from all employees including those based in Europe. Background checks on European employees will stem from data protection and employment law, which can vary between member states. Background checks may not be allowed on European employees, but the company can create lists based on its legitimate interests, identifying individuals who are ineligible for employment.
Heading Within 40 days of receipt. Within 40 days of receipt, which may be extended by up to 40 additional days. Within one month of receipt, which may be extended by up to an additional month. Within one month of receipt, which may be extended by an additional two months.
Heading Notify the appropriate data protection authority Perform a data protection impact assessment (DPIA) Create an information retention policy for those who operate the system. Ensure that safeguards are in place to prevent unauthorized access to the footage.
Heading A company wants to build a dating app that creates candidate profiles based on location data and data from third-party sources. A company wants to combine location data with other data in order to offer more personalized service for the customer. A company wants to use location data to infer information on a person’s clothes purchasing habits. A company wants to use location data to track delivery trucks in order to make the routes more efficient.
Heading When creating an untargeted pop-up ad on a website. When calling a potential customer to notify her of an upcoming product sale. When emailing a customer to announce that his recent order should arrive earlier than expected. When paying a search engine company to give prominence to certain products and services within specific search results.