The GDPR describes the principle of data minimization. How can organizations comply with this principle?
By applying the concept of least privilege to the personal data collected, stored or otherwise processed. Incorrect. Data minimization does not address least privilege.
By limiting access rights to staff who need the personal data for the intended processing operations. Incorrect. This describes the concept of limiting authorization, for instance to comply with the principle of integrity and confidentiality.
By limiting file sizes, through saving all personal data that is processed in the smallest possible format. Incorrect. Data minimization according to the GDPR is not about storage size, but about minimizing the use of personal data.
By limiting the personal data to what is adequate, relevant and necessary for the processing purposes. Correct. This is the essence of the description in the GDPR. (Literature: A, Chapter 2; GDPR Article 5(1)(c))
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Which data processing principle is described here?
Accuracy. Incorrect. Accuracy is the principle that personal data shall be accurate and kept up to date.
Data minimization. Correct. Data minimization means that personal data shall be adequate, relevant and limited to what is necessary. (Literature: A, Chapter 2; GDPR Article 5(1))
Fairness and transparency. Incorrect. Fairness and transparency mean that personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
Purpose limitation. Incorrect. Purpose limitation means that personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with GDPR Article 89(1), not be considered to be incompatible with the initial purposes.
The General Data Protection Regulation (GDPR) is often known as the "European privacy law". What is the relationship between "privacy" and "data protection"?
Data protection and privacy are complementary, but not the same thing.
An often-repeated phrase is: "It is possible to have security without privacy, but it is not possible to have privacy without security".
Privacy is a right that must be protected, and data protection is the set of measures used to achieve this protection.
A person is moving from city A to city B, within an EEA member state. In city A he was a patient of the local hospital
The hospital in A can send the data directly to hospital B, as requested by the patient. Correct. The right to portability allows this. (Literature: A, Chapter 3)
The hospital in A can send the file to hospital B, before the patient has requested it. Incorrect. The hospital in B can only acquire the file from A with consent or if it is in the vital interest of the data subject and consent cannot be obtained.
The hospital in A can send the medical file to the data subject, but not to another hospital. Incorrect. The data subject can ask for the data to be sent directly.
The hospital in A cannot send the file, because there is no legitimate ground for processing. Incorrect. A request, which implies consent, of the data subject is a sufficient legitimate ground.
Which of the following has a data breach under the General Data Protection Regulation (GDPR)?