A Simple Guide to GDPR Articles, Principles, and EU Case Laws — Flashcards | Data Privacy Laws and Regulations | FatSkills

A Simple Guide to GDPR Articles, Principles, and EU Case Laws — Flashcards

Fast review mode: answers are shown by default so you can skim quickly. Hide them if you want to self-test.

The General Data Protection Regulation (GDPR) is the EU's strict data privacy law governing how personal data is collected, used, and protected. It is built on seven core principles—including lawfulness, fairness, transparency, and accountability—and mandates strict rights for individuals, such as the right to erasure and access. 

Core GDPR Principles (Article 5)
Organizations must adhere to seven principles when processing data: 
Lawfulness, fairness, and transparency: Data must be processed legally and transparently.
Purpose limitation: Data must be collected for specific, legitimate purposes.
Data minimization: Only necessary data should be collected.
Accuracy: Data must be kept accurate and up to date.
Storage limitation: Data should only be stored for as long as necessary.
Integrity and confidentiality: Appropriate security measures must be implemented.
Accountability: Data controllers must be able to demonstrate compliance. 

Key GDPR Articles & Requirements
Article 6 (Lawfulness of processing): Processing requires a legal basis (e.g., consent, contract, legal obligation).
Article 7 (Conditions for Consent): Consent must be freely given, specific, and active.
Articles 12-14 (Transparency): Information about data collection must be provided clearly.
Article 15 (Right of Access): Data subjects can request access to their data.
Article 17 (Right to Erasure/Right to be Forgotten): Data subjects can request deletion.
Article 33/34 (Breach Notification): Personal data breaches must be reported to authorities within 72 hours. 

EU Case Laws & Interpretation
EU case law helps define how these articles are applied: 
Employee Privacy: Bărbulescu v. Romania highlighted that employer monitoring must respect employee privacy rights.
Right to be Forgotten: Cases such as Google Spain established that individuals can request the removal of links to personal information under certain conditions, a precursor to Article 17. 

How to Comply
Implement data protection by design and by default.
Maintain documentation of processing activities (Article 30).
Appoint a Data Protection Officer (DPO) if necessary.
Ensure international data transfers comply with GDPR requirements.

1 of 318 Ready
What does GDPR stand for?
General Data Protection Regulation
Shortcuts
Prev Space Show / hide Next
Turn this into a study set.
Sign in with Google to save tricky questions to your reminder list and resume on any device.
Sign in with Google Free • no extra password