Meet the University of Groningen data protection officer
In this video, Arjen Deenen, data protection officer at University of Groningen, explains what his job and responsibilities are.
Course: Understanding the GDPR
Data protection impact assessment and prior consultation
A Data Protection Impact Assessments (DPIA) is a tool to determine in advance the privacy risks involved in data processing. Article 35 and Article 36 impose the obligation to conduct …
Dealing with data breach
The news often reports about companies being targeted by cybercrime, hacked websites and databases, but also of ‘human errors’ and loss of data by employees who leave behind USB sticks …
Keeping records and ensuring security
Based on Article 30, controllers have to maintain records of all processing activities. These records need to be in writing (including in electronic form) and have to be made available …
Providing information to data subjects
When personal data are collected from data subjects, Article 13 and Article 14 determine that the controller needs to provide sufficient information to data subjects, whether the data is obtained …
Processor’s obligations
Data processors carry out processing operations on behalf of controllers. If a processor, while processing, infringes the GDPR by determining purposes and means of the processing, this processor will be …
An overview of a data processor’s obligations
Processors process data on behalf of controllers and under controller’s instructions. Processing has to be governed by a contract or other legal act under EU or national law that is …
Joint controllers and their obligations
Where two or more controllers determine the purposes and means of processing, they are joint controllers (Article 26). Under the GDPR joint controllers have to determine their respective responsibilities for …
Achieving data protection by design and by default
A significant, general GDPR duty for all data controllers is to achieve data protection by design and by default in their processing operations as reflected in Article 25. This is …
The accountability principle
The key concept of the GDPR is that controllers need to be able to show that their processing activities are in line with the data processing principles determined by the …
An overview of a controller’s obligations
Controllers control data processing and determine the purposes and means. With this comes duties and obligations. To comply with obligations under the GDPR, Article 24 provides that controllers have to …
Who are controllers and processors?
Who are data controllers, joint controllers and processors and what are their obligations? Watch this video to find out more. The definitions in Article 4 GDPR determine who controllers and …
Conclusion
This week, we have closely examined the rights of data subjects safeguarded by the GDPR. We have also seen that the usefulness of the GDPR would be limited if no …
Restrictions
Now that we have looked into the rights of natural persons, or data subjects, under the GDPR, it is important to consider possible restrictions of the scope of these rights, …
Rights regarding automated decision-making, representation and compensation
In this video, we have discussed three rights in relation to automated decision-making, representation and compensation. Currently, various decisions are taken by the systems in an automatic manner. Article 22 …
