Privacy and Data Protection based on the GDPR. Leo Besemer
3 The principles of processing personal data
3.1 Lawfulness, fairness and transparency
3.1.2 Fairness and transparency
3.2 Purpose specification and purpose limitation
3.2.1 Purpose limitation and further processing
3.4.2 Not incorrect or misleading as to any matter of fact
3.4.4 Personal data challenged
3.6 Integrity and confidentiality
3.6.1 A level of security appropriate to the risk
3.7 Subsidiarity and proportionality
4 Lawful grounds for processing
4.1 Personal data: processing is permitted, provided …
4.1.1 Necessary for the performance of a contract
4.1.2 Necessary for compliance with a legal obligation
4.1.3 Necessary to protect a vital interest
4.1.4 Necessary in the public interest or by an official authority
4.1.5 Necessary for a legitimate interest of the controller
4.1.6 Consent of the data subject
4.2 Sensitive data: processing is prohibited, unless…
4.2.1 The concept of “sensitive data”?
4.2.2 Derogations from the prohibition to process sensitive data
4.3 Recapitulating: the case of Santa Claus
5 The rights of the data subjects
5.1 Right to transparent information, communication and modalities
5.1.1 Information to be provided to the data subject
5.1.2 Derogations to the obligation to provide information
5.1.3 Timing of the response to a request
5.2 Right of access (inspection)
5.2.1 Timing and limitations to the right of access
5.2.3 Conditions for compliance
5.3.1 The concepts of “inaccurate” and “incomplete”
5.3.2 Timing of the response to a request
5.3.5 Conditions for compliance
5.4 Right to erasure (“right to be forgotten”)
5.4.1 Timing of the response to a request
5.4.4 Conditions for compliance
5.5 Right to restriction of processing
5.5.1 Grounds to have processing restricted
5.5.2 Timing of the response to a request