Article 10 Processing of personal data relating to criminal convictions and offences

2020 ◽  
Author(s):  
Ludmila Georgieva
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Criminal Convictions ◽  
Article 9 ◽  
Article 5

Article 5 (Principles relating to processing of personal data); Article 6 (Lawfulness of processing) (see too recital 50); Article 9 (Processing of special categories of personal data); Article 27 (Representatives of controllers or processors not established in the Union) (see too recital 80); Article 30 (Records of processing activities) (see too recital 97); Article 35 (Data protection impact assessment) (see also recitals 75 and 91); Article 37 (Designation of the data protection officer) (see too recital 97).

Article 27 Representatives of controllers or processors not established in the Union

2020 ◽  
Author(s):  
Christopher Millard ◽  
Dimitra Kamarinou
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Supervisory Authority ◽  
Criminal Convictions ◽  
Article 9 ◽  
Judicial Remedy ◽  
Data Subject

Article 3 (Territorial scope) (see also recitals 23–24); Article 4(17) (Definitions); Article 9 (Processing of special categories of personal data) (see also recitals 10, 51–54); Article 10 (Processing of personal data relating to criminal convictions and offences) (see also recital 97); Article 13 (Information to be provided where personal data are collected from the data subject) and Article 14 (Information to be provided where personal data have not been obtained from the data subject) (see also recitals 60–62); Article 30 (Records of processing activities) (see also recital 82); Article 31 (Cooperation with the supervisory authority); Article 35 (Data protection impact assessment) (see also recitals 89–93); Article 36 (Prior consultation) (see also recital 94); Article 79 (Right to an effective judicial remedy against a controller or processor) (see also recital 145).

Article 4(13). Genetic data

2020 ◽  
Author(s):  
Lee A. Bygrave ◽  
Luca Tosoni
Keyword(s):  
Decision Making ◽  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Genetic Data ◽  
Individual Decision ◽  
Biometric Data ◽  
Individual Decision Making ◽  
Article 9 ◽  
Definition Of

Article 4(1) (Definition of ‘personal data’) (see too recital 26); Article 4(15) (Definition of ‘data concerning health’) (see also recital 35); Article 4(16) (Definition of ‘biometric data’) (see too recital 51); Article 9(1) (Processing of special categories of personal data) (see also recital 53); Article 22(4) (Automated individual decision-making, including profiling) (see also recital 71); Article 35(3)(b) (Data protection impact assessment) (see too recital 91).

Article 24 Responsibility of the controller

2020 ◽  
Author(s):  
Christopher Docksey
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Codes Of Conduct ◽  
Personal Data ◽  
Article 5 ◽  
General Conditions

Article 5 (Principles relating to processing of personal data) (see too recital 39); Article 25 (Data protection by design and by default) (see too recital 78); Article 30 (Records of processing activities) (see too recital 82); Article 32 (Security of processing) (see too recital 83); Article 35 (Data protection impact assessment) (see too recitals 84 and 89–93); Articles 37–39 (Data protection officer) (see too recital 97); Articles 40–41 (Codes of conduct) (see too recitals 98–99); Articles 42–43 (Certification) (see too recital 100); Article 47 (Binding corporate rules) (see also recitals 108 and 110); Article 83 (General conditions for imposing administrative fines) (see too recitals 148 and 150–151).

Article 4(15). Data concerning health

2020 ◽  
Author(s):  
Lee A. Bygrave ◽  
Luca Tosoni
Keyword(s):  
Decision Making ◽  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Genetic Data ◽  
Individual Decision ◽  
Biometric Data ◽  
Individual Decision Making ◽  
Article 9 ◽  
Definition Of

Article 4(1) (Definition of ‘personal data’) (see too recital 26); Article 4(13) (Definition of ‘genetic data’) (see also recital 34); Article 4(16) (Definition of ‘biometric data’) (see too recital 51); Article 9(1) (Processing of special categories of personal data) (see also recital 53); Article 22(4) (Automated individual decision-making, including profiling) (see also recital 71); Article 35(3)(b) (Data protection impact assessment) (see too recital 91).

Article 4(4). Profiling

2020 ◽  
Author(s):  
Lee A. Bygrave
Keyword(s):  
Decision Making ◽  
Impact Assessment ◽  
Data Protection ◽  
Information Society ◽  
Personal Data ◽  
Article 5 ◽  
Automated Decision Making ◽  
Right Of Access ◽  
Legal Grounds

Article 3(2)(b) (Monitoring of data subjects’ behaviour); Article 5 (Principles relating to processing of personal data); Article 6 (Legal grounds for processing of personal data); Article 8 (Conditions applicable to children’s consent in relation to information society services) (see also recital 38); Article 13(2)(f) (Information on the existence of automated decision-making, including profiling) (see also recital 60); Article 14(2)(g) (Information on the existence of automated decision-making, including profiling) (see also recital 60); Article 15(1)(h) (Right of access regarding automated decision-making, including profiling) (see also recital 63); Article 21 (Right to object) (see also recital 70); Article 22 (Automated decision-making, including profiling) (see also recital 71); Article 23 (Restrictions) (see also recital 73); Article 35(3)(a) (Data protection impact assessment) (see also recital 91); Article 47(2)(e) (Binding corporate rules); Article 70(1)(f) (EDPB guidelines on automated decisions based on profiling)/

Article 4(14). Biometric data

2020 ◽  
Author(s):  
Lee A. Bygrave ◽  
Luca Tosoni
Keyword(s):  
Decision Making ◽  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Genetic Data ◽  
Individual Decision ◽  
Biometric Data ◽  
Individual Decision Making ◽  
Article 9 ◽  
Definition Of

Article 4(1) (Definition of ‘personal data’) (see too recital 26); Article 4(13) (Definition of ‘genetic data’) (see too recital 34); Article 4(15) (Definition of ‘data concerning health’) (see also recital 35); Article 9(1) (Special categories of personal data); Article 22(4) (Automated individual decision-making, including profiling) (see also recital 71); Article 35(3)(b) (Data protection impact assessment) (see too recital 91).

Article 22 Automated individual decision-making, including profiling

2020 ◽  
Author(s):  
Lee A. Bygrave
Keyword(s):  
Decision Making ◽  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Individual Decision Making ◽  
Definition Of ◽  
Article 5 ◽  
Automated Decision Making ◽  
Right Of Access ◽  
Legal Grounds

Article 3(2)(b) (Monitoring of data subjects’ behaviour); Article 4(4) (Definition of ‘profiling’); Article 5(1)(a) (Fair and transparent processing) (see also recitals 39 and 60); Article 5(2) (Accountability); Article 6 (Legal grounds for processing of personal data); Article 8 (Conditions applicable to children’s consent in relation to information society services); Article 12 (see too recital 58); Article 13(2)(f) (Information on the existence of automated decision-making); Article 14(2)(g) (Information on the existence of automated decision-making); Article 15(1)(h) (Right of access regarding automated decision-making); Article 21 (Right to object) (see also recital 70); Article 23 (Restrictions); Article 35(3)(a) (Data protection impact assessment) (see too recital 84); Article 47(2)(e) (Binding corporate rules); Article 70(1)(f) (EDPB guidelines on automated decisions based on profiling).

scholarly journals Data Protection Impact Assessment (DPIA) for Cloud-Based Health Organizations

2021 ◽  
Vol 13 (3) ◽  
pp. 66
Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Gap Analysis ◽  
Health Care Organization ◽  
Personal Data ◽  
Care Organization ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Compliance Level

The General Data Protection Regulation (GDPR) harmonizes personal data protection laws across the European Union, affecting all sectors including the healthcare industry. For processing operations that pose a high risk for data subjects, a Data Protection Impact Assessment (DPIA) is mandatory from May 2018. Taking into account the criticality of the process and the importance of its results, for the protection of the patients’ health data, as well as the complexity involved and the lack of past experience in applying such methodologies in healthcare environments, this paper presents the main steps of a DPIA study and provides guidelines on how to carry them out effectively. To this respect, the Privacy Impact Assessment, Commission Nationale de l’Informatique et des Libertés (PIA-CNIL) methodology has been employed, which is also compliant with the privacy impact assessment tasks described in ISO/IEC 29134:2017. The work presented in this paper focuses on the first two steps of the DPIA methodology and more specifically on the identification of the Purposes of Processing and of the data categories involved in each of them, as well as on the evaluation of the organization’s GDPR compliance level and of the gaps (Gap Analysis) that must be filled-in. The main contribution of this work is the identification of the main organizational and legal requirements that must be fulfilled by the health care organization. This research sets the legal grounds for data processing, according to the GDPR and is highly relevant to any processing of personal data, as it helps to structure the process, as well as be aware of data protection issues and the relevant legislation.

Article 30 Records of processing activities

2020 ◽  
Author(s):  
Waltraut Kotschy
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Data Flows ◽  
Right Of Access ◽  
Data Subject ◽  
General Conditions

Article 13 (Information to be provided where personal data are collected from the data subject); Article 14 (Information to be provided where personal data have not been obtained from the data subject); Article 15 (Right of access by the data subject); Article 24 (Responsibility of the controller); Article 32 (Security of processing); Article 35 (Data protection impact assessment); Article 37 (Designation of a data protection officer); Article 49 (Derogations for specific situations concerning transborder data flows); Article 83 (General conditions for imposing administrative fines)

Article 4(11). Consent

2020 ◽  
Author(s):  
Lee A. Bygrave ◽  
Luca Tosoni
Keyword(s):  
Decision Making ◽  
Information Society ◽  
Personal Data ◽  
Individual Decision ◽  
Individual Decision Making ◽  
Article 9 ◽  
Data Portability ◽  
Article 5 ◽  
Data Subject

Article 5 (Principles relating to processing of personal data) (see also recitals 33, 39 and 50); Article 6(1)(a) (Lawfulness of processing on basis of consent) (see too recital 40); Article 7 (Conditions for consent) (see also recital 42); Article 8 (Conditions applicable to child’s consent in relation to information society services) (see too recital 38); Article 9(2)(a) (Processing of special categories of personal data on basis of consent) (see too recital 51); Article 13 (Information to be provided where personal data are collected from the data subject) (see too recitals 60–62); Article 14 (Information to be provided where personal data have not been obtained from the data subject); Article 17 (Right to erasure) (see too recital 65); Article 20 (Right to data portability) (see too recital 68); Article 22 (Automated individual decision-making, including profiling) (see too recital 71); Article 49(1)(a) (Transfer of personal data to third country or international organisation on basis of consent) (see too recitals 111–112).

Sign in / Sign up

Export Citation Format

Share Document