Embedded Files
Rules for business and organisations
Rules for business and organisations
In this course, you will find out what your company or organisation must do to comply with EU data protection rules and learn how you can help citizens exercising their rights under the regulation.
In this course, you will find out what your company or organisation must do to comply with EU data protection rules and learn how you can help citizens exercising their rights under the regulation.
Below, the points covered in this section
Below, the points covered in this section
Application of the regulation
Application of the regulation
- Who does the data protection law apply to?
- Do the rules apply to SMEs?
- Do the data protection rules apply to data about a company?
Principles of the GDPR
Principles of the GDPR
- What data can we process and under which conditions?
- Purpose of data processing
- How much data can be collected?
- For how long can data be kept and is it necessary to update it?
- What information must be given to individuals whose data is collected?
Public administrations and data protection
Public administrations and data protection
- What are the main aspects of the General Data Protection Regulation (GDPR) that a public administration should be aware of?
- How should requests from individuals be dealt with?
- What if a public administration fails to comply with the data protection rules?
Legal grounds for processing data
Legal grounds for processing data
- Grounds for processing
- Sensitive data
- Are there any specific safeguards for data about children?
- Can data received from a third party be used for marketing?
Obligations
Obligations
- Controller/processor
- Are the obligations the same regardless of the amount of data my company/organisation handles?
- What does data protection ‘by design’ and ‘by default’ mean?
- What is a data breach and what do we have to do in case of a data breach?
- When is a Data Protection Impact Assessment (DPIA) required?
- Data Protection Officers
- What rules apply if my organisation transfers data outside the EU?
- How can I demonstrate that my organisation is compliant with the GDPR?
Dealing with citizens
Dealing with citizens
- How should requests from individuals exercising their data protection rights be dealt with?
- What personal data and information can individually access on request?
- Do we always have to delete personal data if a person asks?
- What happens if someone objects to my company processing their personal data?
- Can individuals ask to have their data transferred to another organisation?
- Are there restrictions on the use of automated decision-making?
Enforcement and sanctions
Enforcement and sanctions
- Enforcement
- Sanctions
Report abuse