8.

Data subject:

I. The right to personal data protection

II. Legal framework of data protection law

9. Forms of storing data

1. What is GDPR

10. Anonymization

• Relates?

2. Scope of GDPR
:

11. Pseudonymization
Pseudonymous data can be used to re-identify a person →
personal data

3. Controllers & Processors 12. Authentication

A procedure to prove that a person possesses a certain
identity/ is authorized to do certain things by:
• Comparing biometric data
• Asking for information (such as password)
• Requiring the presentation of a certain token
exclusively in the possession of the authorized
person (such as a chip card/ key to a banking
safe)
• Electronic signatures

13. Special categories of personal data

a) Controllers: main decision-makers
+ exercise overall control over the purposes and
means of the processing
+ >=2 controllers control same data → joint
controllers
+ not joint → different purposes
GDPR provides for a controller obligation where processor is
involved
• Racial or ethnic origin
• Political opinions, religious or other beliefs
• Trade union membership
• Genetic data/ biometric data
• Health, sexual life or sexual orientation.
6. Data protection 14. Criminal convictions & offenses

b) Processors: act on behalf of, and only on the

instructions of, the relevant controller.
GDPR places specific legal obligations for a processor

4. Data Processing:

7. Sensitive data:
(Collection, storage, recording, alteration, retrieval, use,
erasure, or extraction)
15. Consent

5. Personal Data:
Information relating to:
• Identified or identifiable person:
 a) Lawfulness
➔ Provides legitimate grounds for data processing.

• Elements for consent to be valid:

16. Third parties & Recipients

• Third parties:

• Incompatible?

• Recipients:

b) Fairness

c) Transparency

III. Core principles of the GDPR

 Appropriate security measure: pseudonymization &
encryption

QUIZ 1

4. Scope of GDPR?

8. “Data that directly/ indirectly reveal s.o.’s racial or ethnic

Personal data shall be:
group, political, philosophical, religious…” belongs to:
• Kept in a form that permits identification of data
subjects for no longer than it is necessary for
the purposes for which the personal data are
processed;
• May be stored longer insofar as the personal data
will be processed solely for archiving purposes in
the public interest, scientific/ historical/ statistical
purposes
 4. The right to lodge a complaint • Excessive?

1. When does right to erasure applies?

5. Exemptions from obligation to inform

It must be provided:

1. Content of the information:

6. Right of access

Every data subject:

a) Refuse to comply with erasure request?

1. What is the right to rectification?

b) Obligations after implementing right to erasure

When is data inaccurate? → Incorrect or misleading.

1. Right to restriction of processing

2. When the data subject contests its accuracy

while this request being checked:

2. Time of providing information

• Obtaining directly
2. Methods to restrict processing:

3. Refusal to comply with rectification request

• Obtaining indirectly:

• Manifestly unfounded?
3. The controller must:
3. Methods of providing information:
 8. When?

4. What to do with restricted data?

1. What is the right to data portability?

QUIZ 3

2. When does the right apply?

3. What is a data subject entitled to?

4. Right to data portability

5. Form of data portability

1. Right to object

5. Object to processing for marketing purposes.

6. Object by automated means
7. Object for scientific, historical, statistical research
I. Right to lodge a complaint with a
supervisory authority

II. Judicial remedies

III. Liabilities & right to compensation

QUIZ 7
QUIZ 4: Electronic communications
QUIZ 5: Employment data
 QUIZ
QUIZ 6: HEALTH DATA
QUIZ 8: VIETNAMESE LAW