CIPP/E Exam Prep
GDPR - ANS-General data protection regulation (2016) - enforceable as of 2018
Fines - ANS-up to 4% turnover, mandatory audit rights for DPAs
GDPR applies to - ANS-a) establishments in EU
b) offerors of goods/services to EU residents
c) anyone monitoring behavior of EU residents
Article 9: Special categories of personal data - ANS-a) Revealing racial or ethnic origin,
political opinions, religious or philosophical beliefs, or trade-union membership
b) genetic data, biometric data for the purpose of uniquely identifying a natural person
c) data concerning health or data concerning a natural person's sex life or sexual
orientation
Exceptions to the special categories processing prohibition - ANS-a) explicit consent - in
addition to article 6, it must be a clear affirmative act
b) in context of employment - applies when necessary for controller to comply with legal
obligation under employment, social security, and social protection law
c) vital interests - identical to article 6 except they must demonstrate it is not possible to
obtain consent
d) political, philosophical and religious purposes - covers foundations, associations,
not-for-profit bodies and those with trade union aim
e) Sensitive data made public by data subject - i.e. during a media interview or social
media
f) establishment, exercise, or defense of legal claims - requires controller to establish
necessity. There must be a close and substantial connection between the processing
and the purpose
g) substantial public interest - must be balanced with data subject's right to data
protection. Suitable and specific measures must be in place to safeguard data subjects'
rights and interests
h) medicine and social healthcare - must be based on EU or member state law or be
necessary to fulfill a contract
i) Public health - i.e. serious cross-border threats to health or ensuring high standards of
quality and safety in health care
j) public archives or scientific research - must be proportionate to the purpose and
respect data subjects' rights to data protection