Article 24 Responsibility of the controller

2020 ◽  
Author(s):  
Christopher Docksey
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Codes Of Conduct ◽  
Personal Data ◽  
Article 5 ◽  
General Conditions

Article 5 (Principles relating to processing of personal data) (see too recital 39); Article 25 (Data protection by design and by default) (see too recital 78); Article 30 (Records of processing activities) (see too recital 82); Article 32 (Security of processing) (see too recital 83); Article 35 (Data protection impact assessment) (see too recitals 84 and 89–93); Articles 37–39 (Data protection officer) (see too recital 97); Articles 40–41 (Codes of conduct) (see too recitals 98–99); Articles 42–43 (Certification) (see too recital 100); Article 47 (Binding corporate rules) (see also recitals 108 and 110); Article 83 (General conditions for imposing administrative fines) (see too recitals 148 and 150–151).

Article 30 Records of processing activities

2020 ◽  
Author(s):  
Waltraut Kotschy
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Data Flows ◽  
Right Of Access ◽  
Data Subject ◽  
General Conditions

Article 13 (Information to be provided where personal data are collected from the data subject); Article 14 (Information to be provided where personal data have not been obtained from the data subject); Article 15 (Right of access by the data subject); Article 24 (Responsibility of the controller); Article 32 (Security of processing); Article 35 (Data protection impact assessment); Article 37 (Designation of a data protection officer); Article 49 (Derogations for specific situations concerning transborder data flows); Article 83 (General conditions for imposing administrative fines)

Article 41 Monitoring of approved codes of conduct

2020 ◽  
Author(s):  
Irene Kamara
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Codes Of Conduct ◽  
General Conditions

Article 24 (Responsibility of the controller) (see too recitals 74–77, 83); Article 35 (Data protection impact assessment) (see too recital 84); Article 40 (Codes of conduct); Article 46 (Transfers subject to appropriate safeguards) (see too recitals 108–109); Article 57 (Tasks); Article 58 (Powers); Article 64 (Opinion of the Board); Article 70 (Tasks of the Board); Article 83 (General conditions for imposing administrative fines) (see too recitals 150–151); Article 93 (Committee procedure).

Article 10 Processing of personal data relating to criminal convictions and offences

2020 ◽  
Author(s):  
Ludmila Georgieva
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Criminal Convictions ◽  
Article 9 ◽  
Article 5

Article 5 (Principles relating to processing of personal data); Article 6 (Lawfulness of processing) (see too recital 50); Article 9 (Processing of special categories of personal data); Article 27 (Representatives of controllers or processors not established in the Union) (see too recital 80); Article 30 (Records of processing activities) (see too recital 97); Article 35 (Data protection impact assessment) (see also recitals 75 and 91); Article 37 (Designation of the data protection officer) (see too recital 97).

Article 40 Codes of Conduct

2020 ◽  
Author(s):  
Irene Kamara
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Codes Of Conduct ◽  
General Conditions

Article 24 (Responsibility of the controller) (see too recitals 74–77 and 83); Article 35 (Data protection impact assessment) (see too recital 84); Article 41 (Monitoring of approved codes of conduct); Article 46 (Transfers subject to appropriate safeguards) (see too recitals 108–109); Article 57 (Tasks); Article 58 (Powers); Article 64 (Opinion of the Board); Article 70 (Tasks of the Board); Article 83 (General conditions for imposing administrative fines) (see too recitals 150–151); Article 93 (Committee procedure).

Article 25 Data protection by design and by default

2020 ◽  
Author(s):  
Lee A. Bygrave
Keyword(s):  
Public Interest ◽  
Data Protection ◽  
Codes Of Conduct ◽  
Personal Data ◽  
Historical Research ◽  
Individual Decision Making ◽  
The Public ◽  
Definition Of ◽  
Article 5 ◽  
Data Subject

Article 4(5) (Definition of ‘pseudonymisation’) (see too recital 28); Article 5(2) (Accountability) (see too recital 11); Article 6(4)(e) (Compatibility); Article 22 (Automated individual decision-making, including profiling) (see too recital 71); Article 24 (Responsibility of controllers); Article 28 (Processors) (see too recital 81); Article 32 (Security of processing) (see too recital 83); Article 34(3)(a) (Communication of personal data breach to data subject) (see too recitals 87–88); Article 35 (Data protection impact assessment) (see too recital 84); Article 40 (Codes of conduct); Article 83(2)(d) and 83(4) (Fines); Article 89(1) (Safeguards relating to processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes).

Article 4(4). Profiling

2020 ◽  
Author(s):  
Lee A. Bygrave
Keyword(s):  
Decision Making ◽  
Impact Assessment ◽  
Data Protection ◽  
Information Society ◽  
Personal Data ◽  
Article 5 ◽  
Automated Decision Making ◽  
Right Of Access ◽  
Legal Grounds

Article 3(2)(b) (Monitoring of data subjects’ behaviour); Article 5 (Principles relating to processing of personal data); Article 6 (Legal grounds for processing of personal data); Article 8 (Conditions applicable to children’s consent in relation to information society services) (see also recital 38); Article 13(2)(f) (Information on the existence of automated decision-making, including profiling) (see also recital 60); Article 14(2)(g) (Information on the existence of automated decision-making, including profiling) (see also recital 60); Article 15(1)(h) (Right of access regarding automated decision-making, including profiling) (see also recital 63); Article 21 (Right to object) (see also recital 70); Article 22 (Automated decision-making, including profiling) (see also recital 71); Article 23 (Restrictions) (see also recital 73); Article 35(3)(a) (Data protection impact assessment) (see also recital 91); Article 47(2)(e) (Binding corporate rules); Article 70(1)(f) (EDPB guidelines on automated decisions based on profiling)/

Article 22 Automated individual decision-making, including profiling

2020 ◽  
Author(s):  
Lee A. Bygrave
Keyword(s):  
Decision Making ◽  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Individual Decision Making ◽  
Definition Of ◽  
Article 5 ◽  
Automated Decision Making ◽  
Right Of Access ◽  
Legal Grounds

Article 3(2)(b) (Monitoring of data subjects’ behaviour); Article 4(4) (Definition of ‘profiling’); Article 5(1)(a) (Fair and transparent processing) (see also recitals 39 and 60); Article 5(2) (Accountability); Article 6 (Legal grounds for processing of personal data); Article 8 (Conditions applicable to children’s consent in relation to information society services); Article 12 (see too recital 58); Article 13(2)(f) (Information on the existence of automated decision-making); Article 14(2)(g) (Information on the existence of automated decision-making); Article 15(1)(h) (Right of access regarding automated decision-making); Article 21 (Right to object) (see also recital 70); Article 23 (Restrictions); Article 35(3)(a) (Data protection impact assessment) (see too recital 84); Article 47(2)(e) (Binding corporate rules); Article 70(1)(f) (EDPB guidelines on automated decisions based on profiling).

scholarly journals Data Protection Impact Assessment (DPIA) for Cloud-Based Health Organizations

2021 ◽  
Vol 13 (3) ◽  
pp. 66
Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Gap Analysis ◽  
Health Care Organization ◽  
Personal Data ◽  
Care Organization ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Compliance Level

The General Data Protection Regulation (GDPR) harmonizes personal data protection laws across the European Union, affecting all sectors including the healthcare industry. For processing operations that pose a high risk for data subjects, a Data Protection Impact Assessment (DPIA) is mandatory from May 2018. Taking into account the criticality of the process and the importance of its results, for the protection of the patients’ health data, as well as the complexity involved and the lack of past experience in applying such methodologies in healthcare environments, this paper presents the main steps of a DPIA study and provides guidelines on how to carry them out effectively. To this respect, the Privacy Impact Assessment, Commission Nationale de l’Informatique et des Libertés (PIA-CNIL) methodology has been employed, which is also compliant with the privacy impact assessment tasks described in ISO/IEC 29134:2017. The work presented in this paper focuses on the first two steps of the DPIA methodology and more specifically on the identification of the Purposes of Processing and of the data categories involved in each of them, as well as on the evaluation of the organization’s GDPR compliance level and of the gaps (Gap Analysis) that must be filled-in. The main contribution of this work is the identification of the main organizational and legal requirements that must be fulfilled by the health care organization. This research sets the legal grounds for data processing, according to the GDPR and is highly relevant to any processing of personal data, as it helps to structure the process, as well as be aware of data protection issues and the relevant legislation.

Article 4(13). Genetic data

2020 ◽  
Author(s):  
Lee A. Bygrave ◽  
Luca Tosoni
Keyword(s):  
Decision Making ◽  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Genetic Data ◽  
Individual Decision ◽  
Biometric Data ◽  
Individual Decision Making ◽  
Article 9 ◽  
Definition Of

Article 4(1) (Definition of ‘personal data’) (see too recital 26); Article 4(15) (Definition of ‘data concerning health’) (see also recital 35); Article 4(16) (Definition of ‘biometric data’) (see too recital 51); Article 9(1) (Processing of special categories of personal data) (see also recital 53); Article 22(4) (Automated individual decision-making, including profiling) (see also recital 71); Article 35(3)(b) (Data protection impact assessment) (see too recital 91).

Article 38 Position of the data protection officer

2020 ◽  
Author(s):  
Cecilia Alvarez Rigaudias ◽  
Alessandro Spina
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Data Breach ◽  
Supervisory Authority ◽  
Data Subject

Article 13(1)(b) (Information to be provided where personal data are collected from the data subject) (see too recitals 60–61); Article 14(1)(b) (Information to be provided where personal data have not been obtained from the data subject) (see too recital 61); Article 30 (Records of processing activities) (see too recital 82); Article 33 (Notification of a personal data breach to the supervisory authority) (see too recital 85); Article 35 (Data protection impact assessment) (see too recitals 90–91); Article 36 (Prior consultation) (see too recital 94); Article 37 (Designation of the Data Protection Officer) (see too recital 97); Article 39 (Tasks of the data protection officer) (see too recitals 77 and 97); Article 47 (Binding corporate rules) (see too recital 108); Article 52(1) (Independence of supervisory authorities) (see too recitals 117–118 and 120–121); Article 57 (Tasks of supervisory authorities) (see too recital 122); Article 69 (Independence of the EDPB) (see too recital 139).

Sign in / Sign up

Export Citation Format

Share Document